← volver
CVE-2025-53884

NeuVector has an insecure password storage vulnerable to rainbow attack

CVSS 5.3 MEDIUMEPSS 0.2%CWE-759
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SUSE · neuvector

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3