CVE-2024-55057
Published: 17 December 2024
Summary
CVE-2024-55057 is a medium-severity Use of Password Hash With Insufficient Computational Effort (CWE-916) vulnerability in Phpgurukul Online Birth Certificate System. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE ranks at the 32.1 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52728
Vulnerability details
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements, which can lead to unauthorized access to user accounts.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Insufficient password requirements facilitate brute force attacks (T1110), including password guessing and spraying, enabling unauthorized access to user accounts.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Information from security contacts flags password hashing methods that use insufficient computational effort, which helps prevent their adoption.