{"data":{"id":"dcbfb19f-9447-4e44-a34a-7c68d4d0be0a","title":"CVE-2024-56516: free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API f","summary":"free-one-api, a tool that lets users access large language model reverse engineering libraries (code or techniques to understand how AI models work) through OpenAI's API format, uses MD5 (a password hashing algorithm, or mathematical function to scramble passwords) to protect user passwords in versions 1.0.1 and earlier. MD5 is cryptographically broken (mathematically compromised and no longer secure), making it vulnerable to collision attacks (where attackers can forge different inputs that produce the same hash) and easy to crack with modern computers, putting user credentials at risk.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-56516","publishedAt":"2024-12-30T22:15:09.687Z","cveId":"CVE-2024-56516","cweIds":["CWE-328"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["free-one-api"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0006,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}