Vulnerabilities > CVE-2018-15680 - Use of Password Hash With Insufficient Computational Effort vulnerability in Btiteam Xbtit 2.5.4

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

btiteam

CWE-916

critical

NVD

Published: 2018-09-05

Updated: 2019-10-03

Summary

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Btiteam Btiteam Xbtit 2.5.4	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://rastating.github.io/xbtit-multiple-vulnerabilities/