U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2025-26486

Change History

CVE Modified by ENISA 7/02/2025 11:15:25 AM

Action Type Old Value New Value
Changed Description 
Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash 
With Insufficient Computational Effort, Use of Weak Hash, Use of a 
One-Way Hash with a Predictable Salt vulnerability in Beta80 Life 1st 
allows an 
Attacker to Bruteforce User
Passwords or find a collision to gain access to a target application using BETA80
“Life 1st Identity Manager” as a service for authentication.This issue affects Life 1st: 1.5.2.14234.
 
Broken or Risky Cryptographic Algorithm, Use of Password Hash 
With Insufficient Computational Effort, Use of Weak Hash, Use of a 
One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager"
enable an attacker with access to
password hashes
to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication.
This issue affects Life 1st: 1.5.2.14234.
Added Reference 

								
							
							
								
							
						
								
							
								
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486