Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:8 p.m.5 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.5CVSS6.6AI score0.00412EPSS
Exploits1
OSV
OSV
added 2021/05/20 8:15 p.m.3 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.5CVSS7.1AI score0.00412EPSS
Exploits1References1
NVD
NVD
added 2021/05/20 8:15 p.m.21 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.5CVSS0.00412EPSS
Exploits1References1
CVE
CVE
added 2021/05/20 7:55 p.m.67 views

CVE-2020-18220

DoraCMS v2.1.1 and earlier uses AES-CBC without a random salt/IV for password encryption, exposing passwords to dictionary attacks. The issue is documented across multiple sources (CVE-2020-18220) and indicates weak encoding rather than a broader vulnerability. Affected component is the password-...

7.5CVSS7.3AI score0.00412EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/20 7:55 p.m.21 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.4AI score0.00412EPSS
Exploits1References1
Rows per page
Query Builder