CVE-2019-12737 โ€” Use of Password Hash With Insufficient Computational Effort in Ktor

CWE-916 โ€” Use of Password Hash With Insufficient Computational Effort3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 99.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Ktor
Timeline
PublishedOct 2
Latest updateMay 24

Description

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

โ–ถNVDjetbrains/ktor1.1.5+1

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-r9px-8w67-f8m8: UserHashedTableAuth in JetBrains Ktor framework before 1โ†—2022-05-24
โ–ถ
CVEList
CVE-2019-12737: UserHashedTableAuth in JetBrains Ktor framework before 1โ†—2019-10-02
โ–ถ
CVE-2019-12737 โ€” Jetbrains Ktor vulnerability | cvebase