3 matches found
CVE-2020-36968 M/Monit 3.7.4 - Password Disclosure
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2020-36968
Removed by vendor...
Linux Distros Unpatched Vulnerability : CVE-2020-36968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API...