
1748 matches found

Cvelist
added 2025/03/26 11:08 a.m., 11 views

CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

EPSS 0.0011
Exploits: 0, References: 2

Cvelist
added 2025/03/19 3:46 p.m., 11 views

CVE-2025-26486

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...

CVSS 6, EPSS 0.00113
Exploits: 0, References: 2

CVE
added 2025/03/19 3:46 p.m., 47 views

CVE-2025-26486

CVE-2025-26486 affects Beta80 Life 1st Identity Manager (Life 1st) up to version 1.5.2.14234. The issue arises from broken or risky cryptographic algorithms, passwords hashed with insufficient computational effort, weak hashes, and use of a one‑way hash with a predictable salt. An attacker with a...

CVSS 6, AI score 6.9, EPSS 0.00113
Exploits: 0, References: 2

Vulnrichment
added 2025/03/19 3:46 p.m., 6 views

CVE-2025-26486

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...

CVSS 6, AI score 6.9, EPSS 0.00113
Exploits: 0, References: 2

RedhatCVE
added 2025/03/18 10:22 p.m., 21 views

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 3.1, AI score 6.8, EPSS 0.00165
Exploits: 0, References: 1

OSV
added 2025/03/16 10:15 p.m., 1 view

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 4.7, AI score 4.1, EPSS 0.00165
Exploits: 0, References: 3

NVD
added 2025/03/16 10:15 p.m., 12 views

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 4.7, EPSS 0.00165
Exploits: 0, References: 3

CVE
added 2025/03/16 9:31 p.m., 78 views

CVE-2025-2349

The CVE describes a vulnerability in IROAD Dash Cam FX2 (up to 20250308) affecting an unknown function in the Password Hash Handler that processes /etc/passwd. The issue leads to a password hash with insufficient computational effort. Attack requires local network access and is characterized as h...

CVSS 4.7, AI score 4, EPSS 0.00165
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/03/16 9:31 p.m., 8 views

CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 3.1, AI score 4, EPSS 0.00165
Exploits: 0, References: 3

Cvelist
added 2025/03/16 9:31 p.m., 19 views

CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 3.1, EPSS 0.00165
Exploits: 0, References: 3

CNNVD
added 2025/03/16 12:00 a.m., 2 views

IROAD FX2 security vulnerability

IROAD FX2 is a car recorder from IROAD. A security vulnerability exists in IROAD FX2 20250308 and prior versions, which stems from an insufficient password hash calculation that requires an attack to be launched on the local network...

CVSS 4.7, AI score 4.2, EPSS 0.00165
Exploits: 0, References: 5

CVE
added 2025/03/14 12:53 p.m., 51 views

CVE-2025-27595

CVE-2025-27595 concerns SICK DL100-2xxxxxxx devices where a weak password hash algorithm is used. The vulnerability allows an attacker to derive a matching password due to the weak hashing, impacting confidentiality, integrity, and availability. The CVSS 3.1 score is 9.8 (Network attack, no user ...

CVSS 9.8, AI score 9.5, EPSS 0.00518
Exploits: 0, References: 7

Vulnrichment
added 2025/03/14 12:53 p.m., 8 views

CVE-2025-27595 Weak hashing algorithm

The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device...

CVSS 9.8, AI score 9.5, EPSS 0.00518
Exploits: 0, References: 7

Vulnrichment
added 2025/03/14 12:50 p.m., 8 views

CVE-2025-27594 Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVSS 7.5, AI score 7.6, EPSS 0.00434
Exploits: 0, References: 7

Cvelist
added 2025/03/14 12:50 p.m., 12 views

CVE-2025-27594 Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVSS 7.5, EPSS 0.00434
Exploits: 0, References: 7

CNNVD
added 2025/03/14 12:00 a.m., 3 views

SICK DL100-2xxxxxxx security vulnerability

The SICK DL100-2xxxxxxxxx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK DL100-2xxxxxxxxx that stems from the use of a weak hash algorithm to generate a password hash, which could lead to an attacker easily calculating a matching password...

CVSS 9.8, AI score 6.7, EPSS 0.00518
Exploits: 0, References: 8

CNNVD
added 2025/03/13 12:00 a.m., 4 views

Santesoft Sante PACS Server security vulnerability

Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...

CVSS 7.8, AI score 6.7, EPSS 0.0014
Exploits: 0, References: 2

RedhatCVE
added 2025/03/08 2:34 p.m., 12 views

CVE-2024-13893

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...

CVSS 7.7, AI score 6.6, EPSS 0.00694
Exploits: 0, References: 4

Github Security Blog
added 2025/02/25 5:49 p.m., 27 views

Navidrome allows an authentication bypass in Subsonic API with non-existent username

Summary: In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. Details: A flaw...

CVSS 6.9, AI score 7.4, EPSS 0.00936
Exploits: 1, References: 5, Affected Software: 1

AlpineLinux
added 2025/02/24 7:15 p.m., 4 views

CVE-2025-27112

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

CVSS 6.9, AI score 7.2, EPSS 0.00936
Exploits: 1, References: 2