← voltar
CVE-2025-53884

NeuVector has an insecure password storage vulnerable to rainbow attack

CVSS 5.3 MEDIUMEPSS 0.2%CWE-759
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SUSE · neuvector

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3