MaxKB Weak Password Hashing Vulnerability Allowing Easy Cracking

Vulnerability

MaxKB versions prior to 2.9.1 hash user passwords with unsalted MD5. This weak hashing method allows passwords to be easily cracked using rainbow tables or GPU-accelerated brute-force attacks with tools like hashcat. Because no salt is used, identical passwords generate the same hash, making them susceptible to rapid cracking. This issue has been addressed in version 2.9.1.
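The property described above, shown next to a salted alternative with upgrade-on-login, as an added example that is not MaxKB's code and not the fix shipped in 2.9.1. The PBKDF2 scheme, the record format, the work factor, the function names and the sample users are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor for this example
MD5_HEX = re.compile(r"[0-9a-f]{32}")  # shape of a bare MD5 hex digest

def legacy_md5(password):
    """Scheme the advisory describes: MD5 of the password, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Salted PBKDF2 record (assumed format): scheme$iterations$salt$digest."""
    salt = salt or os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def shared_hashes(users):
    """Audit: group usernames whose stored hashes are identical."""
    groups = {}
    for name, stored in users.items():
        groups.setdefault(stored, []).append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def verify(password, stored):
    """Return (ok, upgraded); upgraded is a new salted record when a
    legacy MD5 hash verified and should be replaced in the store."""
    if MD5_HEX.fullmatch(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, rounds, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False, None
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(rounds))
    except (ValueError, OverflowError):
        return False, None  # malformed record: fail closed
    return hmac.compare_digest(dk, expected), None

# Constructed sample store: alice and bob chose the same password.
LEGACY_USERS = {
    "alice": legacy_md5("Spring2024!"),
    "bob": legacy_md5("Spring2024!"),
    "carol": legacy_md5("x9#Lq-violet"),
}
```

Running `shared_hashes` over the legacy store groups alice and bob together, while two salted records for the same password never match each other.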

Impact

The vulnerability allows for easy cracking of user passwords, potentially leading to unauthorized access.

Remediation

Users can upgrade to MaxKB version 2.9.1 to address this vulnerability.

Added: May 26, 2026, 9:41 PM
Updated: May 26, 2026, 9:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.