CVE-2025-26486

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-26486
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.

6.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486
Configurations

No configuration.

History

02 Jul 2025, 15:15

Type Values Removed Values Added
References
  • () https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486 -
Summary
  • (es) El uso de un algoritmo criptográfico roto o riesgoso, el uso de un hash de contraseña con un esfuerzo computacional insuficiente, el uso de un hash débil, el uso de un hash unidireccional con una vulnerabilidad de sal predecible en Beta80 Life 1st permite a un atacante usar la fuerza bruta de las contraseñas de los usuarios o encontrar una colisión para obtener acceso a una aplicación de destino que utiliza BETA80 "Life 1st Identity Manager" como un servicio para la autenticación. Este problema afecta a Life 1st: 1.5.2.14234.
Summary (en) Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerability in Beta80 Life 1st allows an Attacker to Bruteforce User Passwords or find a collision to gain access to a target application using BETA80 “Life 1st Identity Manager” as a service for authentication.This issue affects Life 1st: 1.5.2.14234. (en) Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.

19 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-19 16:15

Updated : 2025-07-02 15:15

NVD link : CVE-2025-26486

Mitre link : CVE-2025-26486

CVE.ORG link : CVE-2025-26486

JSON object : View

Products Affected

No product.

CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-328

Use of Weak Hash

CWE-760

Use of a One-Way Hash with a Predictable Salt

CWE-916

Use of Password Hash With Insufficient Computational Effort