204 matches found
MEGAFEIS DBD+ 授权问题漏洞
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4 that stems from the presence of an insecure password reset...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
Information Disclosure
passeo is vulnerable to information disclosure. The vulnerability exists due to the use of insecure random password generation library used in the generate function of init.py, allowing an attacker to guess the password...
Insecure password leads to Mangatoon data breach
The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesnt seem to be responding to messages from the breacher, or people notifying it that the...
CVE-2021-27757
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."...
Backdoor.Win32.Fantador Insecure Password Storage
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a1d045151c809535a308311931588fd0B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Fantador Vulnerability: Insecure Password Storage Description: The malware has an FT...
Backdoor.Win32.Visiotrol.10 Insecure Password Storage
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f9dc0a462ada737f36efafac56f22b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Visiotrol.10 Vulnerability: Insecure Password Storage Description: The malware listen...
CVE-2021-39289
Certain NetModule devices have Insecure Password Handling cleartext or reversible encryption, These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB38...
CVE-2021-39289
Certain NetModule devices have Insecure Password Handling cleartext or reversible encryption, These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB38...
Design/Logic Flaw
Certain NetModule devices have Insecure Password Handling cleartext or reversible encryption, These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB38...
CVE-2021-39289
CVE-2021-39289 affects NetModule Router Software (NRSW) and various NetModule NB devices where passwords are stored in cleartext or with reversible encryption. Affected devices include NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, a...
CVE-2021-39289
Certain NetModule devices have Insecure Password Handling cleartext or reversible encryption, These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB38...
NetModule Router Software Password Handling / Session Fixation Vulnerability
NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation vulnerabilities. ======================================================================= title: Multiple Vulnerabilities in NetModule Router Software product...
NetModule Router Software Password Handling / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities in NetModule Router Software product: NetModule Router Software NRSW vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105 fixed version:...
CVE-2017-16631
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...
rclone: Weak random number generation
Background rclone is a problem to sync files to and from various cloud storage providers. Description Passwords generated with rclone were insecurely generated and are vulnerable to brute force attacks. Impact Data kept secret with a password generated by rclone may be disclosed to a local...
Vulnerabilities fixed in Zabbix
SUSE has fixed vulnerabilities in its Zabbix packages. The vulnerabilities relate to an incorrectly implemented mechanism that protects against cross-site request forgery CSRF attacks and on insecure password hashing. -= SUSE =- SUSE has made updates available to fix the vulnerability fix in SUSE...
CVE-2020-10048
A vulnerability has been identified in SIMATIC PCS 7 All versions, SIMATIC WinCC All versions V7.5 SP2. Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...
CVE-2020-10048
A vulnerability has been identified in SIMATIC PCS 7 All versions, SIMATIC WinCC All versions V7.5 SP2. Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...