All intelligence
// vulnerability record
live · NVDCVE-2025-26486
MEDIUMpublished 2025-03-19 16:15 UTC · 1 year ago · modified 2026-06-17 09:01 UTC
6.0
CVSS / 10
// description
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.
// cvss 3.1 vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
// weaknesses (CWE)
- CWE-327
- CWE-328
- CWE-760
- CWE-916