CVE-2024-29886

Improved security for stored password hashes

Serverpod is an app and web server built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow table attacks if the database was compromised. This vulnerability is fixed in version 1.2.6.

Data provided by the National Vulnerability Database (NVD)

Affected: Serverpod, Serverpod version < 1.2.6

No advisory was found for this CVE.

EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.26%   0.173

CVSS metrics
Source                          Base Score  Exploit Score  Impact Score  Vector String
security-advisories@github.com  5.3         3.9            1.4           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

Patch: https://github.com/serverpod/serverpod/commit/a78b9e9f1de74d1300633a122b6cc0f064139ad6
Vendor Advisory: https://github.com/serverpod/serverpod/security/advisories/GHSA-r75m-26cq-mjxc