
241 matches found

NVD
added 2022/01/06 1:15 p.m., 14 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5 | EPSS 0.00631
Exploits: 0 | References: 3

CNNVD
added 2022/01/06 12:0 a.m., 2 views

Apache Kylin Security Features Issue Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin security vulnerability, the vulnerability stems from the user...

CVSS 7.5 | AI score 5.9 | EPSS 0.00631
Exploits: 0 | References: 5

CNNVD
added 2021/12/02 12:0 a.m., 3 views

Schneider Electric Software Update Security Features Issue Vulnerability

Schneider Electric Software Update is a software update tool for Schneider Electric products from Schneider Electric France. A security signature issue vulnerability exists in Schneider Electric Software Update SESU that stems from An entropy insufficiency vulnerability exists in Schneider Electr...

CVSS 3.8 | AI score 5.2 | EPSS 0.00054
Exploits: 0 | References: 5

Prion
added 2021/05/26 8:15 p.m., 19 views

Design/Logic Flaw

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

CVSS 4.6 | AI score 6.6 | EPSS 0.00026
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/05/26 7:20 p.m., 16 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

AI score 6.8 | EPSS 0.00026
Exploits: 0 | References: 1

CNNVD
added 2021/05/26 12:0 a.m., 3 views

Schneider Electric EcoStruxure Geo SCADA Expert Security Vulnerability

Schneider Electric EcoStruxure Geo SCADA Expert ClearSCADA is a suite of data acquisition and monitoring software SCADA from Schneider Electric, France . A security vulnerability exists in ClearSCADA and EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020 version 83.7742.1 and...

CVSS 6.7 | AI score 6.6 | EPSS 0.00026
Exploits: 0 | References: 1

OpenVAS
added 2021/04/19 12:0 a.m., 21 views

SUSE: Security Advisory (SUSE-SU-2020:1117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.01889
Exploits: 0 | References: 5

CNVD
added 2021/03/31 12:0 a.m., 9 views

Ovarro Tbox Information Disclosure Vulnerability

Ovarro Tbox is an application platform from Ovarro Germany. It offers new automation possibilities, simplifies system engineering and enables key industries worldwide to remotely control and monitor their applications. A security vulnerability exists in the Ovarro Tbox product, which can be...

CVSS 9.8 | AI score 6.8 | EPSS 0.0024
Exploits: 0 | References: 1

Prion
added 2020/12/09 7:15 p.m., 18 views

Default credentials

pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...

CVSS 5 | AI score 7.6 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/12/09 6:9 p.m., 22 views

CVE-2020-28086

pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...

AI score 7.7 | EPSS 0.00095
Exploits: 0 | References: 1

Exploit DB
added 2020/12/09 12:0 a.m., 610 views

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/12/09 12:0 a.m., 504 views

Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...

AI score 0.3
Exploits: 0

Metasploit
added 2020/09/23 5:41 p.m., 69 views

Windows SecureCRT Session Information Enumeration

This module will determine if SecureCRT is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...

AI score 6.9
Exploits: 0

OSV
added 2020/09/23 2:15 p.m., 2 views

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVSS 7.2 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1

Prion
added 2020/09/23 2:15 p.m., 15 views

Design/Logic Flaw

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVSS 4 | AI score 6.7 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/09/23 1:3 p.m., 13 views

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

AI score 6.8 | EPSS 0.00243
Exploits: 0 | References: 1

CVE
added 2020/09/23 1:3 p.m., 42 views

CVE-2020-16244

Ge Digital APM Classic (Versions 4.4 and prior) is affected by two vulnerabilities: (1) an IDOR-based vulnerability allowing unauthorized retrieval of user account data, and (2) use of a one-way hash without a salt, enabling password decryption. The combination creates a high-risk scenario for au...

CVSS 7.2 | AI score 6.8 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2020/07/24 12:0 a.m., 1 views

Easergy Builder Hardcoded Encryption Key Plaintext Storage Vulnerability

Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and prior versions. An attacker could exploit the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00047
Exploits: 0 | References: 1

OSV
added 2020/07/23 9:15 p.m., 2 views

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 1

NVD
added 2020/07/23 9:15 p.m., 7 views

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVSS 7.8 | AI score 7.5 | EPSS 0.00047
Exploits: 0 | References: 1