EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools. The vendor states that the issue is fixed in 3.5.72.27183.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Aug 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-260 | |
Metrics |
cvssV3_1
|
Tue, 19 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools. The vendor states that the issue is fixed in 3.5.72.27183. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-08-19T00:00:00.000Z
Updated: 2025-08-19T19:59:17.703Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-51540

Updated: 2025-08-19T19:59:06.300Z

Status : Awaiting Analysis
Published: 2025-08-19T16:15:28.720
Modified: 2025-08-20T14:40:17.713
Link: CVE-2025-51540

No data.