Lucene search

1748 matches found

RedHat Linux
added 2025/02/18 10:15 a.m. · 6 views

389-ds-base: Malformed userPassword hash may cause Denial of Service

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...

5.7 CVSS · 5.7 AI score · 0.00573 EPSS
Exploits 0 · References 4

0day.today
added 2025/02/15 12:0 a.m. · 178 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Exploit

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6 AI score
Exploits 0

Packet Storm
added 2025/02/14 12:0 a.m. · 309 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6 AI score
Exploits 0

RedhatCVE
added 2025/02/05 9:39 p.m. · 7 views

CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

7.5 CVSS · 6.9 AI score · 0.01366 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 10:45 p.m. · 4 views

CVE-2024-8933

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...

7.5 CVSS · 6.8 AI score · 0.00281 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/26 12:0 a.m. · 5 views

PT-2025-5588 · Unknown · Develocity

Name of the Vulnerable Software and Affected Versions: Develocity versions prior to 2024.3.1 Description: The issue allows an attacker with network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used provides some protection against brute-force...

8.3 CVSS · 7.2 AI score · 0.00455 EPSS
Exploits 0 · References 12

Redos
added 2025/01/14 12:0 a.m. · 145 views

ROS-20250114-03

Vulnerability in the Hash Handler component of the 389-ds-basic package is related to insufficient verification of password hashes. Exploitation of the vulnerability could allow an intruder to cause a denial of service...

5.7 CVSS · 6.7 AI score · 0.00573 EPSS
Exploits 0

Vulnrichment
added 2025/01/13 5:25 p.m. · 9 views

CVE-2024-5743 Command Injection Vulnerability

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42...

9.8 CVSS · 9.7 AI score · 0.0036 EPSS
Exploits 0 · References 1

GithubExploit
added 2024/12/31 1:6 p.m. · 162 views

Exploit for Improper Preservation of Permissions in Modernwms

Admin MD5 Password Hash Disclosure - ModernWMS v1.0 - CVE-2024...

7.5 CVSS · 7.1 AI score · 0.00344 EPSS
Exploits 1

SUSE CVE
added 2024/12/20 4:19 a.m. · 5 views

SUSE CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 7 AI score · 0.002 EPSS
Exploits 0 · References 3

Redos
added 2024/12/20 12:0 a.m. · 14 views

ROS-20241220-01

A vulnerability in the password verification function of the PHP programming language is related to insufficient calculation of the password hash. Exploitation of the vulnerability allows an attacker to affect data integrity...

8.1 CVSS · 7 AI score · 0.00944 EPSS
Exploits 1

NVD
added 2024/12/15 11:15 a.m. · 32 views

CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 0.002 EPSS
Exploits 0 · References 1

OSV
added 2024/12/15 11:15 a.m. · 3 views

DEBIAN-CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 5.3 AI score · 0.002 EPSS
Exploits 0 · References 1

OSV
added 2024/12/15 11:15 a.m. · 10 views

CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 1

OSV
added 2024/12/15 11:15 a.m. · 4 views

UBUNTU-CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 5.8 AI score · 0.002 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/12/15 10:56 a.m. · 12 views

CVE-2024-7701 Misuse of SHA256 to create an encryption key

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

5.1 CVSS · 7 AI score · 0.002 EPSS
Exploits 0 · References 1

Debian CVE
added 2024/12/15 10:56 a.m. · 9 views

CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0...

7.5 CVSS · 5.2 AI score · 0.002 EPSS
Exploits 0

CNNVD
added 2024/12/15 12:0 a.m. · 4 views

Percona Toolkit Security Vulnerability

Percona Toolkit is a series of advanced command line tools from Percona Corporation, USA. A security vulnerability exists in Percona Toolkit version 3.6.0 that stems from a password hash vulnerability that allows cryptographic brute force cracking using insufficient computational effort...

7.5 CVSS · 6.7 AI score · 0.002 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/12/11 4:20 p.m. · 2 views

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

6.5 CVSS · 5.7 AI score · 0.0148 EPSS
Exploits 1 · References 5

RedHat Linux
added 2024/12/11 4:20 p.m. · 0 views

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

6.5 CVSS · 5.7 AI score · 0.0148 EPSS
Exploits 1 · References 5