AIKIDO-2025-10666
DotNetNuke.Web is vulnerable to Use of a Broken or Risky Cryptographic Algorithm
50
Medium Risk
This Affects:
DotNetNuke.WebTL;DR
Affected versions of this package use the flawed SHA-1 algorithm for storing passwords, making them vulnerable. Attackers who gain access to password hashes can leverage modern GPU and cloud resources to speed up offline cracking attempts. This vulnerability may result in large-scale credential theft through brute-force techniques.Affected versions of this package use the flawed SHA-1 algorithm for storing passwords, making them vulnerable. Attackers who gain access to password hashes can leverage modern GPU and cloud resources to speed up offline cracking attempts. This vulnerability may result in large-scale credential theft through brute-force techniques.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
DotNetNuke.Web is vulnerable to Use of a Broken or Risky Cryptographic Algorithm in versions 9.13.8 - 10.1.0.
How to fix this
Upgrade the DotNetNuke.Web library to the patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant