Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of a One-Way Hash without a Salt in OnlineVotingSystem
Vulnerability Description
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
使用未加Salt的单向哈希算法
Vulnerability Title
OnlineVotingSystem 加密问题漏洞
Vulnerability Description
Dbijaya OnlineVotingSystem是Dbijaya个人开发者的一个基于Java的在线投票系统。 OnlineVotingSystem before version 1.1.2 存在加密问题漏洞,该漏洞源于没有使用salt对用户密码进行hash,攻击者可利用该漏洞就更容易使用字典攻击技术预先计算哈希值来破解密码。
CVSS Information
N/A
Vulnerability Type
N/A