Openslides
CVE-2024-22892
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
AnalysisAI
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-326. OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. Affected products include: Openslides.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Openslides
View allAn XSS issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely
An issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and electi
OpenSlides versions prior to 4.2.29 allow unauthorized authentication bypass for SAML-synchronized users through the loc
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. Rated
A directory traversal issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.0), this vulnerability
An issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.5), this vulnerability is remotely exploi
Same weakness CWE-326 – Inadequate Encryption Strength
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today