CNNVD-202602-2097 Information

CNNVD ID

CNNVD-202602-2097

Related CVE

CVE-2026-26219

• CNNVD Published: 2026-02-12

Description (Chinese)

newbee-mall是newbee开源的一套电子商务系统。 newbee-mall存在加密问题漏洞，该漏洞源于使用未加盐的MD5哈希算法存储和验证用户密码，可能导致攻击者通过离线攻击快速恢复明文凭据。

Description (English)

Newbee-mall is an open-source e-commerce system for newbees. Newbee-mall has a encryption loophole, which stems from the use of unsaltered MD5 Hashi algorithms to store and validate user passwords, which could lead to rapid restoration of the diploma card by the attackers through offline attacks.

Hazard Level

Low

Vulnerability Type

加密问题

Affected Vendor

newbee

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/newbee-ltd/newbee-mall/issues/119 https://www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-cracking https://access.redhat.com/security/cve/cve-2026-26219