Vulnerabilities > CVE-2020-28873 - Use of Password Hash With Insufficient Computational Effort vulnerability in Fluxbb 1.5.11

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

fluxbb

CWE-916

NVD

Published: 2021-03-17

Updated: 2023-11-07

Summary

Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.

Vulnerable Configurations

Part	Description	Count
Application	Fluxbb Fluxbb Fluxbb 1.5.11	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

http://fluxbb.com
https://www.acunetix.com/vulnerabilities/web/long-password-denial-of-service/#:~:text=By%20sending%20a%20very%20long%2Ca%20vulnerable%20password%20hashing%20implementation