@mdickopp
Created September 25, 2024 12:51
CVE-2024-22892

Weak password hashing in OpenSlides 4.0.15

OpenSlides 4.0.15 hashes passwords by applying a single round of SHA-512 to the cleartext password and the salt. Attackers who have obtained the hashed passwords can therefore recover the cleartext passwords within a very short amount of time, using massively parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware.

This vulnerability has been fixed in OpenSlides 4.0.16.
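
The following is an added example, not OpenSlides code and not the vendor's fix: it puts the single-round salted SHA-512 scheme described above beside a memory-hard replacement (scrypt from Python's standard library) and upgrades legacy records on a successful login. The record layout (`scheme$salt$digest`), the salt-then-password concatenation order, and the scrypt cost parameters are assumptions made for illustration.

```python
from __future__ import annotations
import base64, hashlib, hmac, os

# scrypt cost parameters (assumed values; tune to your own hardware budget).
# n=2**14, r=8 needs about 16 MiB per hash, which is what blunts GPU/ASIC parallelism.
N, R, P, DKLEN = 2**14, 8, 1, 64
MAXMEM = 64 * 1024 * 1024

def legacy_hash(password: str, salt: str) -> str:
    """Weak scheme from the advisory: one SHA-512 round over salt and password.
    Concatenation order and the "sha512$" record layout are assumptions."""
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"sha512${salt}${digest}"

def strong_hash(password: str, salt: bytes | None = None) -> str:
    """Memory-hard record using scrypt (a stand-in, not the vendor's fix)."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         maxmem=MAXMEM, dklen=DKLEN)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"scrypt${b64(salt)}${b64(key)}"

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so verification does not leak digest prefixes.
    return hmac.compare_digest(a.encode(), b.encode())

def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str | None]:
    """Return (ok, new_record). new_record is set only when a legacy record
    verified and should replace the stored value in the user database."""
    parts = stored.split("$")
    if len(parts) != 3:
        return False, None          # malformed record: reject, never guess
    scheme, salt, _digest = parts
    if scheme == "scrypt":
        return _same(strong_hash(password, base64.b64decode(salt)), stored), None
    if scheme == "sha512":
        ok = _same(legacy_hash(password, salt), stored)
        return ok, (strong_hash(password) if ok else None)
    return False, None              # unknown scheme

if __name__ == "__main__":
    # Constructed sample record, not taken from any real database.
    old = legacy_hash("correct horse", "c2FsdA")
    ok, new = verify_and_upgrade("correct horse", old)
    print(ok, new.split("$")[0])
```

Records that never see a login stay in the weak format, so an upgrade-on-login path like this is usually paired with a forced reset or expiry for accounts still carrying a `sha512$` record.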

Timeline

  • 2023-Nov-19: Reported to vendor
  • 2023-Nov-20: Vendor confirmation
  • 2023-Nov-23: Vendor fix available
  • 2024-Sep-25: Public disclosure