free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository.
Metrics
Affected Vendors & Products
References
History
Mon, 30 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 30 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository. | |
Title | free-one-api uses md5 for password storage | |
Weaknesses | CWE-328 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-30T16:19:47.571Z
Updated: 2024-12-30T16:48:21.594Z
Reserved: 2024-12-26T20:47:25.612Z
Link: CVE-2024-56516

Updated: 2024-12-30T16:48:18.293Z

Status : Received
Published: 2024-12-30T17:15:09.687
Modified: 2024-12-30T17:15:09.687
Link: CVE-2024-56516

No data.