511 matches found
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
CVE-2024-42012
The CVE relates to GRAU DATA Blocky before 3.1, a ransomware-protection product. The issue is that passwords are stored encrypted rather than hashed, and at login the entered password is compared to the decrypted cleartext password. An attacker with Windows admin or debugging rights can exfiltrat...
Important: Red Hat Security Advisory: krb5 security update
An update for krb5 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2024-49370
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.1...
VICIdial Multiple Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...
ALSA-2024:5312 Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
SNMP passwords in clear text if password encryption is not configured. (CVE-2024-5462)
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...
Adobe ColdFusion Weak Algorithm Vulnerability
Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a weak algorithm vulnerability that stems from the presence of weak...
Adobe ColdFusion Security Vulnerability
Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a weak algorithm vulnerability that stems from the presence of weak...
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated. Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password...
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...
CVE-2024-3543
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...
CVE-2024-3543
CVE-2024-3543 concerns Kemp LoadMaster components where a reversible password encryption method can be used to decrypt stored passwords. The underlying issue is that sensitive credentials can be decrypted by an attacker, enabling use of stolen credentials for arbitrary actions that could compromi...
CVE-2023-46294
The CVE-2023-46294 issue affects Teledyne FLIR M300 firmware version 2.00-19. Local passwords are stored encrypted but can be decrypted to plaintext using the umSetup utility, which requires root privileges. The risk is that an attacker with local access could decrypt user account passwords via u...
CVE-2023-46294
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute...
PT-2024-13996 · Janitza · Gridvis
Name of the Vulnerable Software and Affected Versions: Janitza GridVis versions 9.0.66 and earlier Description: The issue concerns the use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function. This allows remote authenticated...