https://bugzilla.suse.com/show_bug.cgi?id=1224241 Bug ID: 1224241 Summary: VUL-0: CVE-2024-34340: cacti: Authentication Bypass when using using older password hashes Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- https://github.com/cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m Md5-hashed user input is compared with correct password in database by $md5 == $hash. It is a loose comparison, not ===. It is a type juggling vulnerability. -- You are receiving this mail because: You are on the CC list for the bug.