CVE-2024-23091
published 2024-07-30CVE-2024-23091: Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.40%
31.7th percentile
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | — | — |
| digitaldruid | hoteldruid | < 1.3.2 | 1.3.2 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2024-23091: hoteldruid - Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows...
vendor_debian·2024·CVSS 7.5
CVE-2024-23091 [HIGH] CVE-2024-23091: hoteldruid - Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows...
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
Scope: local
bookworm: open
bullseye: open
sid: open
OSV
CVE-2024-23091: Weak password hashing using MD5 in funzioni
osv·2024-07-30·CVSS 7.5
CVE-2024-23091 [HIGH] CVE-2024-23091: Weak password hashing using MD5 in funzioni
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
GHSA
GHSA-grg4-p2px-v4hg: Weak password hashing using MD5 in funzioni
ghsa_unreviewed·2024-07-30
CVE-2024-23091 [HIGH] CWE-916 GHSA-grg4-p2px-v4hg: Weak password hashing using MD5 in funzioni
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473https://www.hoteldruid.com/en/download.htmlhttps://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473https://www.hoteldruid.com/en/download.html
2024-07-30
Published