Design/Logic Flaw

2021-07-0714:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.

CPENameOperatorVersion
sanoslt2.1.0
storage_managerlt3.3.2
xevolt2.1.0

Name	Operator	Version
sanos	lt	2.1.0
storage_manager	lt	3.3.2
xevo	lt	2.1.0

References

www.twcert.org.tw/tw/cp-132-4875-692f0-1.html