Search
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40258 | 1 Ami | 2 Megarac Spx-12, Megarac Spx-13 | 2023-07-31 | N/A | 5.3 MEDIUM |
| AMI Megarac Weak password hashes for Redfish & API | |||||
| CVE-2021-37551 | 1 Jetbrains | 1 Youtrack | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | |||||
| CVE-2022-29731 | 1 Ict | 4 Protege Gx, Protege Gx Firmware, Protege Wx and 1 more | 2022-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | |||||
| CVE-2022-24041 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2022-05-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users. | |||||
| CVE-2022-23348 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | |||||
| CVE-2021-38400 | 1 Bostonscientific | 2 Zoom Latitude Pogrammer\/recorder\/monitor 3120, Zoom Latitude Pogrammer\/recorder\/monitor 3120 Firmware | 2021-10-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. | |||||
| CVE-2020-0533 | 1 Intel | 1 Converged Security Management Engine Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2019-12305 | 1 Actions-micro | 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. | |||||
| CVE-2021-22741 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2021-06-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. | |||||
| CVE-2020-6780 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2021-02-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. | |||||
| CVE-2020-27693 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 2.1 LOW | 4.4 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. | |||||
| CVE-2020-10040 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2020-07-15 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text. | |||||
| CVE-2019-20575 | 1 Google | 1 Android | 2020-03-27 | 4.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). | |||||
| CVE-2014-0083 | 2 Debian, Net-ldap Project | 2 Debian Linux, Net-ldap | 2019-12-19 | 2.1 LOW | 5.5 MEDIUM |
| The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | |||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2019-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | |||||
| CVE-2017-11131 | 1 Stashcat | 1 Heinekingmedia | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash. | |||||