Medium severity5.9NVD Advisory· Published Aug 1, 2017· Updated Jun 17, 2026
CVE-2017-11131
CVE-2017-11131
Description
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:*:android:*:*+ 2 more
- cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:*:android:*:*range: <=1.7.5
- cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:desktop:*:*:*range: <=0.0.86w
- cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:web:*:*:*range: <=0.0.80w
- Range: <=1.7.5
Patches
Vulnerability mechanics
References
1- seclists.org/fulldisclosure/2017/Jul/90nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.