← back
CVE-2021-36460

CVE-2021-36460

EPSS 0.4%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/martinfrancois/CVE-2021-36460http://veryfitpro.comhttp://www.i-doo.cn