Tag: password hashing

All the articles with the tag "password hashing".

[CVE-2025-47276] Actualizer Uses Weak SHA-512 Password Hashing in Generated Debian Images

13 May, 2025

Actualizer versions below 1.2.0 hard-code the OpenSSL -passwd option for root and alpha accounts, producing fast SHA-512 hashes that modern GPUs can brute-force in hours. Upgrading to 1.2.0 and resetting both passwords replaces the insecure hashes with Yescrypt.

[CVE-2025-47276] Actualizer Uses Weak SHA-512 Password Hashing in Generated Debian Images