Lack of Salt in Password Hashing in Merethis Centreon before 2.3.2

Lack of Salt in Password Hashing in Merethis Centreon before 2.3.2

CVE-2011-4432 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.

Learn more about our Contact.