509 matches found
CVE-2025-27459
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered...
CVE-2025-27459
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered...
CVE-2025-27459 CVE-2025-27459
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered...
PT-2025-27788
Name of the Vulnerable Software and Affected Versions: VNC affected versions not specified Description: The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered. Recommendations: At the moment,...
TencentOS Server 3: libreoffice (TSSA-2023:0006)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0006 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...
CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...
CVE-2022-35513
The Blink1Control2 application = 2.2.7 uses weak password encryption and an insecure method of storage...
CVE-2022-25012
Argus Surveillance DVR v4.0 employs weak password encryption...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
CVE-2020-29063
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...
CVE-2020-27688
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
CVE-2020-9289
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2020-36201
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices...
CVE-2019-15802
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...
CVE-2019-14477
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted...
CVE-2019-13022
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...
CVE-2025-4876
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...
Ensure That Passwords Are Encrypted Using Strong Hash Algorithms
For system security, passwords cannot be stored in plaintext in the system and must be encrypted. Irreversible cryptographic algorithms must be used in scenarios where passwords do not need to be recovered. If a password is encrypted with a weak algorithm, attackers can increase the computing pow...