ByteOS Network

CVE Vulnerability Details :

CVE-2025-26486

PUBLISHED

More Info Official Page

Assigner-ENISA

Assigner Org ID-a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Published At-19 Mar, 2025 | 15:46

Updated At-02 Jul, 2025 | 14:34

▼CVE Numbering Authority (CNA)

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.

Affected Products

Vendor

Beta80

Product

Life 1st

Default Status

unaffected

Versions

Affected

1.5.2.14234

Problem Types

Type	CWE ID	Description
CWE	CWE-327	CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE	CWE-916	CWE-916 Use of Password Hash With Insufficient Computational Effort
CWE	CWE-328	CWE-328 Use of Weak Hash
CWE	CWE-760	CWE-760 Use of a One-Way Hash with a Predictable Salt

Metrics

Version	Base score	Base severity	Vector
3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Impacts

CAPEC ID	Description
CAPEC-49	CAPEC-49 Password Brute Forcing

References

Hyperlink	Resource
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486	government-resource
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486	vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References