Weak Cryptography for Passwords Vulnerability Affects ColdFusion Versions

CVE-2024-34113

5.5MEDIUM

Key Information

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 13 June 2024

Summary

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.

Affected Version(s)

ColdFusion <= 2021u13

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 13, 2024
Vulnerability Reserved.
Apr 30, 2024

Collectors

NVD DatabaseMitre Database