Vulnerabilities > CVE-2022-37163 - Use of Password Hash With Insufficient Computational Effort vulnerability in Ihatetobudget Project Ihatetobudget 1.5.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://gainsec.com/2022/08/07/cve-2022-hardcoded-creds-weak-password-hauk-android-location-sharing/
- https://github.com/bminusl/ihatetobudget/issues/24
- https://gainsec.com/2022/08/07/cve-2022-hardcoded-creds-weak-password-hauk-android-location-sharing/
- https://github.com/bminusl/ihatetobudget/issues/24