{"id":"CVE-2024-24553","details":"Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.","modified":"2026-04-10T05:09:50.260160Z","published":"2024-06-24T07:15:15.063Z","references":[{"type":"ADVISORY","url":"https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bludit/bludit","events":[{"introduced":"29b7d74ead855a36ad270bbfca055e27f3ff7916"},{"last_affected":"0a9c21a1e8f515181c6de9aa0500b9ff5a481093"}],"database_specific":{"versions":[{"introduced":"3.14.0"},{"last_affected":"3.15.0"}]}}],"versions":["3.14.0","3.14.0-test","3.14.1","3.15.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24553.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}