CVE-2025-13532
Weak Password Hash Algorithm in Fortra BoKS Server Agent
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: Fortra
Description
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortra | core_privileged_access_manager | 8.1 |
| fortra | core_privileged_access_manager | 9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |