511 matches found
CVE-2018-14868
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call...
Don’t ‘Roley’ your own encryption, says Bob the Builder
The Uplogix 3200 is a console server for out-of-band management. It claims ‘high security’ as it’s a closed appliance with a locked-down OS. We were a little surprised therefore to find security flaws in the method they use to protect passwords on the device. We were even more surprised by their...
CVE-2019-5723
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...
Design/Logic Flaw
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682...
CVE-2018-1518
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3761-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3761-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacke...
CVE-2018-7242
Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks...
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...
CVE-2018-1000145
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...
Sonatype Nexus Repository Manager Weak Password Vulnerability
Sonatype Nexus Repository Manager is a maven repository manager. A security vulnerability exists in the LDAP integration feature in Sonatype Nexus Repository Manager 2.14.5 and earlier versions, which stems from the program's use of hard-coded CMMDwoV values to encrypt passwords. An attacker coul...
Sonatype Nexus Repository Manager 2.x Weak Password Encryption Vulnerability (Dec 2017)
Sonatype Nexus Repository Manager has a weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
Hardcoded credentials
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...
CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...
CVE-2017-17717
CVE-2017-17717 affects Sonatype Nexus Repository Manager up to version 2.14.5. The vulnerability lies in the LDAP integration feature, which uses hard-coded CMMDwoV values to encrypt passwords, resulting in weak password encryption. Documents consistently describe the issue as a weakness in passw...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20171206)
Security Fixes : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 - It was discovered that the Kerberos client implementation ...
RedHat Update for java-1.7.0-openjdk RHSA-2017:3392-01
The remote host is missing an update for the...
MOXA EDS-G512E Password Encryption Method Vulnerability
The MOXA EDS-G512E is a Gigabit Ethernet managed switch. A password encryption method vulnerability exists in the MOXA EDS-G512E 5.1 build 16072215. An attacker can reverse the password encryption algorithm to retrieve the value...
CVE-2017-13699
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to...