CVE-2021-21507

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...

Design/Logic Flaw

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...

CVE-2021-21507

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...

CVE-2021-21507

CVE-2021-21507 affects Dell EMC Networking X-Series firmware versions before 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware before 2.0.0.82. The root cause is weak password encryption leading to potential disclosure of certain user credentials. An unauthenticated remote attacker could...

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed a number of vulnerabilities in Xerox WorkCentre multifunction printers. Passwords, which are stored on the multifunctional are better encrypted, system accounts have been made visible and manageable, and the ability to use the included McAfee Embedded Control has been removed. One...

CVE-2020-36201

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices...

CVE-2020-36201

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices...

Design/Logic Flaw

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices...

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

GaussDB Kernel: Configuring the Password Encryption Mode

GaussDB Kernel supports two password encryption modes: MD5 and SHA256. MD5 is an insecure encryption mode and should not be configured. This mode is reserved only for compatibility with open-source third-party tools. SHA256 default configuration should be used. Copyright C 2020 Greenbone Networks...

openGauss: Configuring the Password Encryption Mode

Configuring the Password Encryption Mode. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribut...

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

Design/Logic Flaw

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVE-2020-27688

RVTools 4.0.6 is affected by CVE-2020-27688: RVToolsPasswordEncryption.exe uses a static IV and key for encryption, and the Decrypt() method in VISKD.cs within RVTools.exe can decrypt the stored passwords. This creates a risk that passwords in configuration files could be recovered by anyone with...

PT-2020-15547 · Jenkins · Jenkins Appspider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AppSpider Plugin versions 1.0.12 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins controller. This password can be viewed by users with access...

PT-2020-15553 · Cloudbees +2 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the...

PT-2020-15521 · Jenkins · Couchdb-Statistics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins couchdb-statistics Plugin versions 0.3 and earlier Description: The issue concerns the storage of the server password in an unencrypted form in the global configuration file on the Jenkins controller. Specifically, the password is...

CVE-2020-2250

CVE-2020-2250 affects Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier. The underlying issue is that project passwords are stored unencrypted in job config.xml files on the Jenkins controller, enabling disclosure when an attacker has Extended Read permission or file-system access to t...

CVE-2020-10919

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When...