1750 matches found
CVE-2024-47182 Dozzle uses unsafe hash for passwords
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
OpenSlides security vulnerability
OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...
PT-2024-19601 · Unknown · Openslides
Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15. Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...
CVE-2024-22893
OpenSlides 4.0.15 is affected by a timing-attack vulnerability in password verification, where the hash comparison runs in a content-dependent way. This can allow an attacker to infer information about password hashes. Details across sources consistently identify the affected version as 4.0.15 an...
OESA-2024-2165 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed...
ROS-20240918-08
A vulnerability in FreeIPA's centralized user identity management system is associated with insufficient password hash calculation. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by brute-forcing possible values for a user's password...
389-ds-base: Malformed userPassword hash may cause Denial of Service
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...
CVE-2024-8106
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the downloaduserajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extra...
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval. Description: This module identifies IPMI 2.0-compatible systems and attempts to retrie...
Cambium EPMP 1000 Ping Password Hash Extractor
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: Cambium ePMP 1000 'ping' Password Hash Extractor up to v2.5. Description: This module exploits an OS Command Injection vulnerability in...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in password protection mechanisms, allows unauthorized access to the project by intruders.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the password protection mechanism of the project file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project by reverting the password hash value...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in data protection, allows an intruder to gain access to the project’s web server.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in data protection. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project’s web server by reverting the password hash value...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in data protection, allows an intruder to gain access to the project configuration file.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in data protection. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project configuration file by rewriting the password hash value...