CVE-2025-26486

Summary

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.

Affected Software

VendorProductVersion RangeStatus
Beta80Life 1st1.5.2.14234affected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort
  • CWE-328: CWE-328 Use of Weak Hash
  • CWE-760: CWE-760 Use of a One-Way Hash with a Predictable Salt

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References