CVE-2024-29886

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 27, 2024
Updated: Mar 28, 2024
CWE ID 916

Summary

CVE-2024-29886 is a vulnerability affecting Serverpod, an app and web server used in the Flutter and Dart ecosystem. The issue lies in the old password hash algorithm, which makes the server susceptible to rainbow table attacks if an attacker gains access to the database. Prior to the fix, the server's password security relied on this outdated algorithm, increasing the risk of unauthorized access through brute-force methods. The vulnerability is resolved in Serverpod version 1.2.6; by upgrading, users can mitigate the threat and secure their Serverpod implementations.
