511 matches found
bcrypt encryption problem vulnerability
bcrypt is a library used in Node.js for encrypting passwords. An encryption issue vulnerability exists in versions of bcrypt prior to 5.0.0. The vulnerability stems from a networked system or product that does not properly use the relevant cryptographic algorithm, resulting in content that is not...
Security feature bypass
A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...
CVE-2019-13022
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
Design/Logic Flaw
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption
import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and 3 versions now, tested successfully. Sample test password LOOOOONGPASSWORD! =...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Date: 2020-04-20 Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
PT-2020-2658 · Jenkins · Jenkins Artifactory Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.5.0 and earlier Description: The issue is related to the storage of the Artifactory server password in plain text in the global configuration file. This allows users with access to the Jenkins master file...
Design/Logic Flaw
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
PT-2020-15331 · Jenkins · Jenkins Dynamic Extended Choice Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins master. This allows users with Extended Read...
AVideo Platform 8.1 - Information Disclosure (User Enumeration) Vulnerability
Exploit for jsp platform in category web applications Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...
PT-2020-15314 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 19.1.29 and earlier Description: The issue concerns the storage of proxy server passwords in an unencrypted manner within job config.xml files on the Jenkins master. These passwords can be accessed by users who...
CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger...
CarbonFTP Insecure Proprietary Password Encryption Vulnerability
CarbonFTP is a file synchronization tool. CarbonFTP has a security vulnerability. No details of the vulnerability are provided at this time...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
Hardcoded credentials
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
CVE-2020-6857
CVE-2020-6857 : CarbonFTP v1.4 contains insecure proprietary password encryption with a hard-coded weak encryption key; the key for local FTP server passwords is hard-coded in the binary. The CVE entry identifies the root cause as this hard-coded key, enabling weak protection of passwords. What’s...
NEOWISE CARBONFTP 1.4 - Weak Password Encryption
NEOWISE CARBONFTP 1.4 - Weak Password Encryption Exploit Title: NEOWISE CARBONFTP 1.4 - Weak Password Encryption discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: hyp3rlinx Vendor Homepage: https://www.neowise.com Software Link: https://www.neowise.com/freeware/ Version: 1.4 +...