CVE-2024-25607
CVSS V2 None
CVSS V3 None
Description
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
Overview
- CVE ID
- CVE-2024-25607
- Assigner
- Liferay
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-02-20T09:17:04.894Z
- Last Modified Date
- 2024-02-20T09:17:04.894Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-25607 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25607 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 12:12:43 | Added to TrackCVE |