Vulnerabilities > CVE-2022-37164 - Use of Password Hash With Insufficient Computational Effort vulnerability in Ontrack Project Ontrack 3.4

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ontrack-project
CWE-916
critical

Summary

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

Vulnerable Configurations

Part Description Count
Application
Ontrack_Project
1