Vulnerabilities (CVE)

Filtered by CWE-916
Total 74 CVE
CVE-2009-5139 | Vendors (1): Google | Products (1): Gizmo5 | Updated: 2023-12-10 | CVSS v2: 4.3 MEDIUM | CVSS v3: 7.5 HIGH
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

CVE-2010-2450 | Vendors (2): Debian, Shibboleth | Products (2): Debian Linux, Service Provider | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.

CVE-2019-17216 | Vendors (1): Vzug | Products (2): Combi-stream Mslq, Combi-stream Mslq Firmware | Updated: 2023-12-10 | CVSS v2: 7.5 HIGH | CVSS v3: 9.8 CRITICAL
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.

CVE-2014-0083 | Vendors (2): Debian, Net-ldap Project | Products (2): Debian Linux, Net-ldap | Updated: 2023-12-10 | CVSS v2: 2.1 LOW | CVSS v3: 5.5 MEDIUM
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

CVE-2019-6563 | Vendors (1): Moxa | Products (8): Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | Updated: 2023-12-10 | CVSS v2: 10.0 HIGH | CVSS v3: 9.8 CRITICAL
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.

CVE-2018-10618 | Vendors (1): Davolink | Products (2): Dvw-3200n, Dvw-3200n Firmware | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 9.8 CRITICAL
Davolink DVW-3200N all versions prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.

CVE-2019-0030 | Vendors (1): Juniper | Products (3): Advanced Threat Prevention Firmware, Atp400, Atp700 | Updated: 2023-12-10 | CVSS v2: 4.0 MEDIUM | CVSS v3: 7.2 HIGH
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

CVE-2018-15680 | Vendors (1): Btiteam | Products (1): Xbtit | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 9.8 CRITICAL
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.

CVE-2019-3907 | Vendors (1): Identicard | Products (1): Premisys Id | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

CVE-2018-15681 | Vendors (1): Btiteam | Products (1): Xbtit | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 9.8 CRITICAL
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password.

CVE-2018-1447 | Vendors (1): Ibm | Products (3): Spectrum Protect For Space Management, Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 8.1 HIGH
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

CVE-2018-9233 | Vendors (1): Sophos | Products (1): Endpoint Protection | Updated: 2023-12-10 | CVSS v2: 2.1 LOW | CVSS v3: 7.8 HIGH
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.

CVE-2017-3962 | Vendors (1): Mcafee | Products (1): Network Security Manager | Updated: 2023-12-10 | CVSS v2: 5.0 MEDIUM | CVSS v3: 9.8 CRITICAL
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.

CVE-2017-11131 | Vendors (1): Stashcat | Products (1): Heinekingmedia | Updated: 2023-12-10 | CVSS v2: 4.3 MEDIUM | CVSS v3: 5.9 MEDIUM
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.