VYPR

Maven package

org.opencastproject/opencast-common-jpa-impl

pkg:maven/org.opencastproject/opencast-common-jpa-impl

Vulnerabilities (1)

  • CVE-2020-5229Jan 30, 2020
    affected < 7.6fixed 7.6

    Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is probl