Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html | Vendor Advisory |
Configurations
History
03 Feb 2021, 01:29
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-916 | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.9 |
CPE | cpe:2.3:o:bosch:fsm-5000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:fsm-2500:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:fsm-5000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:fsm-2500_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html - Vendor Advisory |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:16
Updated : 2023-12-10 13:41
NVD link : CVE-2020-6780
Mitre link : CVE-2020-6780
CVE.ORG link : CVE-2020-6780
JSON object : View
Products Affected
bosch
- fsm-2500
- fsm-2500_firmware
- fsm-5000_firmware
- fsm-5000
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort