Vulnerabilities

CVE-2020-18220

by Fred · 20/05/2021

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.

Date published : 2021-05-20

https://github.com/doramart/DoraCMS/issues/190

Similar

Tags: Cybersecurity Alert