Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39182 | 1 Enrocrypt Project | 1 Enrocrypt | 2024-08-04 | 7.5 High |
| EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`. | ||||
| CVE-2021-37551 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | ||||
| CVE-2021-36767 | 1 Digi | 37 6350-sr, 6350-sr Firmware, Cm and 34 more | 2024-08-04 | 9.8 Critical |
| In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | ||||
| CVE-2021-33563 | 1 Koel | 1 Koel | 2024-08-03 | 7.5 High |
| Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. | ||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-08-03 | 5.5 Medium |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | ||||
| CVE-2021-32997 | 1 Bakerhughes | 10 Bentley Nevada 3500\/22m \(288055-01\), Bentley Nevada 3500\/22m \(288055-01\) Firmware, Bentley Nevada 3500 Rack Configuration \(129133-01\) and 7 more | 2024-08-03 | 8.2 High |
| The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | ||||
| CVE-2021-22774 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-08-03 | 7.5 High |
| A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques. | ||||
| CVE-2021-22741 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-08-03 | 6.7 Medium |
| Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. | ||||
| CVE-2021-21253 | 1 Onlinevotingsystem Project | 1 Onlinevotingsystem | 2024-08-03 | 5.8 Medium |
| OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system. | ||||
| CVE-2022-47557 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-08-03 | 6.1 Medium |
| Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions. | ||||
| CVE-2022-47732 | 1 Yeastar | 4 N412, N412 Firmware, N824 and 1 more | 2024-08-03 | 7.5 High |
| In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device. | ||||
| CVE-2022-40295 | 1 Phppointofsale | 1 Php Point Of Sale | 2024-08-03 | 4.9 Medium |
| The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | ||||
| CVE-2022-40258 | 1 Ami | 2 Megarac Spx-12, Megarac Spx-13 | 2024-08-03 | 5.3 Medium |
| AMI Megarac Weak password hashes for Redfish & API | ||||
| CVE-2022-37164 | 1 Ontrack Project | 1 Ontrack | 2024-08-03 | 9.8 Critical |
| Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | ||||
| CVE-2022-37163 | 1 Ihatetobudget Project | 1 Ihatetobudget | 2024-08-03 | 9.8 Critical |
| Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | ||||
| CVE-2022-36071 | 1 Sftpgo Project | 1 Sftpgo | 2024-08-03 | 8.3 High |
| SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. | ||||
| CVE-2022-29731 | 1 Ict | 4 Protege Gx, Protege Gx Firmware, Protege Wx and 1 more | 2024-08-03 | 4.3 Medium |
| An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | ||||
| CVE-2022-24041 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2024-08-03 | 6.5 Medium |
| A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users. | ||||
| CVE-2022-23348 | 1 Bigantsoft | 1 Bigant Server | 2024-08-03 | 5.3 Medium |
| BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | ||||
| CVE-2022-1235 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 8.2 High |
| Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||