106 matches found
CVE-2025-65831
CVE-2025-65831 is documented across multiple sources as involving insecure MD5-based password hashing that could enable credential cracking and unauthorized account access if hashes are obtained. A concrete product reference appears in CNNVD: Meatmeet Pro App v1.1.2.0 uses MD5 for password hashin...
OpenML Frontend 安全漏洞
OpenML Frontend is an OpenML Frontend page from OpenML Open Source. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from the use of predictable MD5-based tokens that could lead to account takeover...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...
CVE-2025-59452
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...
PT-2025-40949
Name of the Vulnerable Software and Affected Versions YoSmart YoLink versions through 2025-10-02 Description The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...
CVE-2025-59745 Multiple vulnerabilities in AndSoft's e-TMS
Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily crack...
AndSoft e-TMS 加密问题漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...
PT-2025-40366
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description The software uses the MD5 hash algorithm to encrypt passwords. MD5 is considered a cryptographically weak hash algorithm and is susceptible to collision attacks, potentially exposing user credentials...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
CVE-2025-59354
Summary: CVE-2025-59354 affects Dragonfly before version 2.1.0, where downloaded files may be replaced due to use of MD5 for hashing, enabling attackers to supply malicious files with colliding hashes. The vulnerability is fixed in 2.1.0. The initial description provides the root cause and remedi...
CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
OESA-2025-2125 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...
OESA-2025-2124 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...
CVE-2025-56608
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest function employs MessageDigest.getInstance"MD5" to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions...
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
CVE-2025-9309
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...
CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...