CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-12-23
Medium
CVE-2021-43989

Vendor: Myscada
Software: Mypro
 

 
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.

 
2021-10-04
Medium
CVE-2021-23855

Updating...
 

 
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.

 
Waiting for details
CVE-2021-38400

Updating...
 

 
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

 
2021-08-04
Medium
CVE-2021-32596

Vendor: Fortinet
Software: Fortiportal
 

 
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

 
2021-07-21
Medium
CVE-2021-22774

Updating...
 

 
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.

 
2021-07-07
Medium
CVE-2021-32519

Vendor: QSAN
Software: Sanos
 

 
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.

 
2021-04-02
Medium
CVE-2019-20466

Updating...
 

 
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.

 
2021-03-18
Medium
CVE-2020-14516

Vendor: Rockwellautomation
Software: Factorytalk ...
 

 
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.

 
2021-03-17
High
CVE-2020-28873

Vendor: Fluxbb
Software: Fluxbb
 

 
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.

 
2021-01-26
Low
CVE-2020-6780

Updating...
 

 
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top