CVE-2022-1235: Use of Password Hash With Insufficient Computational Effort

April 6, 2022 (updated April 12, 2022)

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.

References

github.com/advisories/GHSA-vx8v-g3p3-88vg
github.com/livehelperchat/livehelperchat/commit/6538d6df3d8a60fee254170b08dd76a161f7bfdc
huntr.dev/bounties/92f7b2d4-fa88-4c62-a2ee-721eebe01705
nvd.nist.gov/vuln/detail/CVE-2022-1235

Code Behaviors & Features

Detect and mitigate CVE-2022-1235 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →