Lucene search

[email protected]CVE-2020-25987

HistoryOct 06, 2020 - 1:15 p.m.

CVE-2020-25987

2020-10-0613:15:13

CWE-532

[email protected]

web.nvd.nist.gov

cve-2020-25987

monocms blog 1.0

hard-coded hashes

log.xml

bcrypt

hashcat mode 3200

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

Affected configurations

NVD

Node

monocmsmonocmsMatch1.0

CPENameOperatorVersion
monocms:monocmsmonocmseq1.0

CPE	Name	Operator	Version
monocms:monocms	monocms	eq	1.0

References

packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-Hardcoded-Credentials.html

monocms.com/download

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2020-25987

nvd1 prion1 cvelist1 exploitdb1 packetstorm1