CVE-2024-7701Use of Password Hash With Insufficient Computational Effort in Percona-toolkit

CWE-916Use of Password Hash With Insufficient Computational Effort4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.1%
top 79.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Percona Percona-toolkitDebian Percona-toolkitPercona Toolkit
Timeline
PublishedDec 15

Description

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

debiandebian/percona-toolkit< percona-toolkit 3.7.1-1 (forky)
Debianpercona/percona-toolkit< 3.7.1-1
NVDpercona/toolkit3.6.0
CVEListV5percona/percona-toolkit3.6.0

🔴Vulnerability Details

2
OSV
CVE-2024-7701: Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing2024-12-15
GHSA
GHSA-r44j-crv5-q35m: Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing2024-12-15

📋Vendor Advisories

1
Debian
CVE-2024-7701: percona-toolkit - Use of Password Hash With Insufficient Computational Effort vulnerability in per...2024
CVE-2024-7701 — Debian Percona-toolkit vulnerability | cvebase