漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking
Vulnerability Description
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
newbee-mall 加密问题漏洞
Vulnerability Description
newbee-mall是newbee开源的一套电子商务系统。 newbee-mall存在加密问题漏洞,该漏洞源于使用未加盐的MD5哈希算法存储和验证用户密码,可能导致攻击者通过离线攻击快速恢复明文凭据。
CVSS Information
N/A
Vulnerability Type
N/A