CVE-2023-26855 Information

Description

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

Reference

https://github.com/ChurchCRM/CRM/issues/6449