690 matches found
Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition
✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️‍♂️ Proof of...
CVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969...
Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling
✍️ Description The function mt_rand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one of pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...
Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms
✍️ Description The function mt_rand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one of pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...
Use of a Broken or Risky Cryptographic Algorithm in panique/huge
✍️ Description The function mt_rand is used to generate password-reset tokens, this function is cryptographically flawed due to its nature being one of pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...
Use of a Broken or Risky Cryptographic Algorithm in mautic/mautic
✍️ Description The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one of pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
PT-2021-7637 · Arm +2 · Mbed Tls +2
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.0.0 Mbed TLS versions prior to 2.27.0 Mbed TLS versions prior to 2.16.11 Description: The issue is related to the use of a broken or risky cryptographic algorithm in the mbedtls_mpi_exp_mod function in bignum.c in...
Philips Vue PACS (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Philips Equipment: Vue PACS Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Improper...
Code injection
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day...
CVE-2021-27200
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day...
CVE-2021-27200
CVE-2021-27200 affects WoWonder 3.0.4. The issue is a weak cryptographic algorithm in recover.php, making the code parameter easily predictable from the time of day. This enables remote attackers to take over any account. The vulnerability is described consistently across multiple sources (NVD, R...
WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 - Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
Adventures in Contacting the Russian FSB
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB's website said in order to communicate with them securely, I needed to...
Schneider Electric homeLYnk and spaceLYnk Unauthorized Access Vulnerability
Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. An unauthorized access vulnerability exists in Schneider Electric homeLYnk and spaceLYnk, which arises from the presence of a broken or dangerous...
CVE-2021-22738
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...
CVE-2021-22738
CVE-2021-22738 affects Schneider Electric homeLYnk and spaceLYnk (versions up to and including 2.60). The root cause is use of a broken or risky cryptographic algorithm that could allow unauthorized access after credentials are discovered via brute force. The Red Hat, CNVD, CVE/NVD entries corrob...
CVE-2021-22738
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack...