EUVD-2023-60598

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

CVE-2023-20572

CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...

EUVD-2023-60597

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

CVE-2023-20540

CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...

PT-2026-44467

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get shared secret in crates/ecstore/src/rpc/http auth.rs, falls back...

CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

GHSA-WQQ3-WFMP-V85G Mojic: Observable Timing Discrepancy in HMAC Verification

Summary The CipherEngine in Mojic v2.1.3 uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208, allowing a potential attacker to bypass the file integrity check via a timing attack. Details...

CVE-2025-64471

A use of password hash instead of password for authentication vulnerability CWE-836 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

EUVD-2009-3611

Malware in sbrugna...

EUVD-2022-3169

Malicious code in bioql PyPI...

EUVD-2022-29898

Malicious code in bioql PyPI...

extloader

extLoader A small toolkit for managing and deploying unpacked...

SourceCodester Android Corona Virus Tracker App for India 安全漏洞

SourceCodester Android Corona Virus Tracker App for India is a new virus tracking app from SourceCodester open source. A security vulnerability exists in the SourceCodester Android Corona Virus Tracker App for India version 1.0, which stems from the use of MD5 for digest authentication, which cou...

CVE-2025-52543 Login to the application services using only the password hash

E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash...

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds read issue when setting HMAC data...

Multiple vulnerabilities in EXPRESSCLUSTER X

Overview WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2023-39544 Files or directories accessible to external parties CWE-552 - CVE-2023-39545 Use of password hash instead of password fo...

AMI MegaRAC 安全漏洞

AMI MegaRAC is a family of service processor products from AMI. Complete out-of-band or unlit remote management of computer systems independent of operating system state or location is available to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...

SUSE CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this schem...