Home > Vulnerability Database > CVE-2024-25607

Mend.io Vulnerability Database

CVE-2024-25607

Good to know:

Date: February 20, 2024

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Language: Java

Severity Score

8.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25607

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607

Url: https://www.mend.io/vulnerability-database/CVE-2024-25607

Severity Score

8.1

Weakness Type (CWE)

Use of Password Hash With Insufficient Computational Effort

CWE-916

Top Fix

Upgrade Version

Upgrade to version com.liferay.portal:com.liferay.portal.impl:29.0.0

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25607

Good to know:

Date: February 20, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?