CVE-2020-25987 — HIGH (7.5)

Vulnerability Description

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Monocms	Monocms	1.0

Related Weaknesses (CWE)

CWE-532

References

http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-ExploitThird Party AdvisoryVDB Entry
https://monocms.com/downloadProductVendor Advisory
http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-ExploitThird Party AdvisoryVDB Entry
https://monocms.com/downloadProductVendor Advisory

FAQ

What is CVE-2020-25987?

CVE-2020-25987 is a vulnerability with a CVSS score of 7.5 (HIGH). MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

How severe is CVE-2020-25987?

CVE-2020-25987 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25987?

Check the references section above for vendor advisories and patch information. Affected products include: Monocms Monocms.