Total: 89 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2024-10-25 | 6 Medium | A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
CVE-2021-26113 | 1 Fortinet | 1 Fortiwan | 2024-10-22 | 6.2 Medium | A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come into possession of the password file to guess the passwords stored therein.
CVE-2022-26115 | 1 Fortinet | 1 Fortisandbox | 2024-10-22 | 5.4 Medium | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
CVE-2024-21754 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-04 | 1.7 Low | A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypt the backup file.
CVE-2020-12069 | 4 Codesys, Festo, Pilz and 1 more | 114 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 111 more | 2024-10-03 | 7.8 High | In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
CVE-2023-31412 | 2 Sick, Sick Ag | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-10-02 | 7.5 High | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
CVE-2023-41646 | 1 Perrymitchell | 1 Buttercup | 2024-09-26 | 5.3 Medium | Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager by accessing the file /vaults.json/.
CVE-2024-3183 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Eus and 6 more | 2024-09-25 | 8.1 High | A vulnerability was found in FreeIPA in the way a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user's password. If a principal is compromised, the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined with a principal salt (i.e. find the principal's password).
CVE-2021-38314 | 1 Redux | 1 Gutenberg Template Library & Redux Framework | 2024-09-17 | 5.3 Medium | The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable, given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.
CVE-2020-14512 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-09-17 | 8.1 High | In GateManager versions prior to 9.2c, the affected product uses a weak hash type, which may allow an attacker to view user passwords.
CVE-2018-1447 | 1 Ibm | 3 Spectrum Protect For Space Management, Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2024-09-17 | N/A | The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After the update the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
CVE-2020-6780 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2024-09-17 | 4.4 Medium | Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
CVE-2018-15717 | 1 Opendental | 1 Opendental | 2024-09-17 | N/A | Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2021-38400 | 1 Bostonscientific | 2 Zoom Latitude Pogrammer/recorder/monitor 3120, Zoom Latitude Pogrammer/recorder/monitor 3120 Firmware | 2024-09-16 | 6.9 Medium | An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB device to extract the password hash for brute force reverse engineering of the system password.
CVE-2021-38979 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-09-16 | 7.5 High | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
CVE-2022-0022 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-16 | 4.1 Medium | Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software, where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, allows password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; all versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.
CVE-2021-43989 | 1 Myscada | 1 Mypro | 2024-09-16 | 7.5 High | mySCADA myPRO versions 8.20.0 and prior store passwords using MD5, which may allow an attacker to crack previously retrieved password hashes.
CVE-2018-10618 | 1 Davolink | 2 Dvw-3200n, Dvw-3200n Firmware | 2024-09-16 | N/A | Davolink DVW-3200N, all versions prior to Version 1.00.06: the device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
CVE-2021-32519 | 1 Qsan | 3 Sanos, Storage Manager, Xevo | 2024-09-16 | 9.8 Critical | Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The vulnerability has been resolved in the updated versions QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.
CVE-2019-6563 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 9.8 Critical | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.