Vulnerabilities > CVE-2018-15680 - Use of Password Hash With Insufficient Computational Effort vulnerability in Btiteam Xbtit 2.5.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

btiteam

CWE-916

NVD

Published: 2018-09-05

Updated: 2019-10-03

Summary

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Btiteam Btiteam Xbtit 2.5.4	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://rastating.github.io/xbtit-multiple-vulnerabilities/