Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13811 | 1 Siemens | 1 Simatic Step 7 \(tia Portal\) | 2024-08-05 | N/A |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known. | ||||
| CVE-2018-9233 | 1 Sophos | 1 Endpoint Protection | 2024-08-05 | N/A |
| Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. | ||||
| CVE-2019-20575 | 1 Google | 1 Android | 2024-08-05 | 5.4 Medium |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). | ||||
| CVE-2019-20466 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2024-08-05 | 7.8 High |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. | ||||
| CVE-2019-20138 | 1 Http Authentication Library Project | 1 Http Authentication Library | 2024-08-05 | 7.5 High |
| The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | ||||
| CVE-2019-19766 | 1 Bitwarden | 1 Server | 2024-08-05 | 7.5 High |
| The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | ||||
| CVE-2019-19735 | 1 Mfscripts | 1 Yetishare | 2024-08-05 | 9.1 Critical |
| class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing. | ||||
| CVE-2019-17216 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2024-08-05 | 9.8 Critical |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort. | ||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2024-08-04 | 5.3 Medium |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | ||||
| CVE-2019-9080 | 1 Domainmod | 1 Domainmod | 2024-08-04 | 7.5 High |
| DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | ||||
| CVE-2019-7649 | 1 Cmswing | 1 Cmswing | 2024-08-04 | N/A |
| global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | ||||
| CVE-2019-3907 | 1 Identicard | 1 Premisys Id | 2024-08-04 | 7.5 High |
| Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). | ||||
| CVE-2020-28873 | 1 Fluxbb | 1 Fluxbb | 2024-08-04 | 7.5 High |
| Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. | ||||
| CVE-2020-27693 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-08-04 | 4.4 Medium |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. | ||||
| CVE-2020-25754 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. | ||||
| CVE-2020-16231 | 1 Bachmann | 40 Cpc210, Cpc210 Firmware, Cs200 and 37 more | 2024-08-04 | 7.2 High |
| The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks. | ||||
| CVE-2020-14516 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-08-04 | 10.0 Critical |
| In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. | ||||
| CVE-2020-14389 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2024-08-04 | 8.1 High |
| It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. | ||||
| CVE-2020-10538 | 1 Epikur | 1 Epikur | 2024-08-04 | 5.5 Medium |
| An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack. | ||||
| CVE-2020-10040 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-08-04 | 5.5 Medium |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text. | ||||