Vulnerabilities > CVE-2021-33563 - Use of Password Hash With Insufficient Computational Effort vulnerability in Koel

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

koel

CWE-916

NVD

Published: 2021-05-24

Updated: 2021-06-03

Summary

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.

Vulnerable Configurations

Part	Description	Count
Application	Koel Koel Koel - Koel Koel 1.0.0 Koel Koel 1.1.1 Koel Koel 1.1.2 Koel Koel 2.0.0 Koel Koel 2.0.1 Koel Koel 2.0.2 Koel Koel 2.1.0 Koel Koel 2.2.0 Koel Koel 2.2.1 Koel Koel 3.0.0 Koel Koel 3.0.1 Koel Koel 3.1.0 Koel Koel 3.1.1 Koel Koel 3.2.0 Koel Koel 3.3.0 Koel Koel 3.3.1 Koel Koel 3.4.0 Koel Koel 3.4.1 Koel Koel 3.5.0 Koel Koel 3.5.1 Koel Koel 3.5.2 Koel Koel 3.5.3 Koel Koel 3.5.4 Koel Koel 3.5.5 Koel Koel 3.6.0 Koel Koel 3.6.1 Koel Koel 3.6.2 Koel Koel 3.7.0 Koel Koel 3.7.1 Koel Koel 3.7.2 Koel Koel 4.0.0 Koel Koel 4.1.0 Koel Koel 4.1.1 Koel Koel 4.2.0 Koel Koel 4.2.1 Koel Koel 4.2.2 Koel Koel 4.3.0 Koel Koel 4.3.1 Koel Koel 4.4.0 Koel Koel 5.0.0 Koel Koel 5.0.1 Koel Koel 5.0.2 Koel Koel 5.1.0 Koel Koel 5.1.1 Koel Koel 5.1.2 Koel Koel 5.1.3	47

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References