QwikSec

Security Database

CVE

CWE

Training

CVE-2025-26486

Published: Mar 19, 2025

Modified: Jul 2, 2025

PUBLISHED

CVSS v3.1

6.0

MEDIUM

Description

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.

Vendor	Product	Versions
Beta80	Life 1st	affected `1.5.2.14234`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486

government-resource

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486

vdb-entry

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.