Source: ubuntucve (Ubuntu.com), UB:CVE-2024-34340
History: May 14, 2024 - 12:00 a.m.

CVE-2024-34340

2024-05-14 00:00:00
ubuntu.com
Tags: cacti, weak password hashing, type juggling vulnerability, patch, php 5.5.0

CVSS3: 9.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.7 (Confidence: Low)
EPSS: 0.001 (Percentile: 25.9%)

Cacti provides an operational monitoring and fault management framework.
Prior to version 1.2.27, Cacti calls compat_password_hash when users set
their password. compat_password_hash uses password_hash if it is
available and otherwise falls back to md5. When verifying a password,
Cacti calls compat_password_verify, which uses password_verify if it is
available and otherwise falls back to md5. password_hash and
password_verify only exist on PHP 5.5.0 and later (per the PHP manual),
so on PHP < 5.5.0 the md5 fallback is the path taken. The vulnerability
is in compat_password_verify: in the md5 fallback the digest of the user
input is compared with the stored password hash as $md5 == $hash, a
loose comparison rather than ===. PHP compares two numeric-looking
strings as numbers, and an md5 digest of the form 0e followed only by
digits is numeric-looking (it evaluates to zero), so two different
digests of that form compare as equal. This is a type juggling
vulnerability. Version 1.2.27 contains a patch for the issue.
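The following is an added example, not Cacti's own code: it models only the md5 fallback path of compat_password_verify described above, with the loose == comparison next to a strict === version, and exercises both with two well-known "magic hash" inputs whose md5 digests are of the 0e<digits> form. The function names, variable names and sample passwords are assumptions chosen for illustration.

```php
<?php
// Added example, not Cacti's own code: a minimal model of the pre-1.2.27
// compat_password_verify() md5 fallback (loose ==) beside a strict version.
// Function names, variable names and sample passwords are assumptions.

// Vulnerable: mirrors the described "$md5 == $hash" fallback.
function legacy_md5_verify(string $password, string $stored_hash): bool
{
    $md5 = md5($password);
    return $md5 == $stored_hash;   // loose comparison: numeric strings are compared as numbers
}

// Fixed: strict comparison never coerces numeric-looking strings.
function strict_md5_verify(string $password, string $stored_hash): bool
{
    $md5 = md5($password);
    return $md5 === $stored_hash;  // byte-for-byte comparison
}

// Constructed inputs: "240610708" and "QNKCDZO" are well-known "magic hash"
// strings whose md5 digests both have the form 0e<digits only>. PHP treats
// such strings as numeric (0 * 10^N == 0), so under == they are equal even
// though the hex digests differ.
$victim_password = '240610708';
$stored_hash     = md5($victim_password);
$attacker_input  = 'QNKCDZO';

foreach (['legacy_md5_verify', 'strict_md5_verify'] as $verify) {
    printf("%-18s accepts attacker input: %s\n",
        $verify, $verify($attacker_input, $stored_hash) ? 'yes' : 'no');
}

// Control case: a stored hash that is not of the 0e<digits> form is not
// affected, which is why the bug only bites when the victim's real password
// happens to hash to a numeric-looking digest.
$normal_hash = md5('correct horse battery staple');
printf("legacy verify, non-numeric stored hash, accepts attacker input: %s\n",
    legacy_md5_verify($attacker_input, $normal_hash) ? 'yes' : 'no');
```

Run it with `php example.php`: the legacy check accepts the attacker's input against the 0e-form stored hash while the strict check rejects it, and the control case is rejected by both. The result is the same on PHP 8, because the PHP 8 comparison changes affected string-versus-number comparisons only; two numeric strings are still compared numerically. Note the practical limit: an attacker does not need to know the victim's password, but the bypass only works when the victim's stored md5 happens to be of the 0e<digits> form, so the bug is a precondition-dependent authentication bypass rather than a universal one. On PHP 5.6 and later, hash_equals() is the preferable replacement for === since it is also constant-time.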
