CVE-2023-4986

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

Design/Logic Flaw

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

CVE-2023-4986 Supcon InPlant SCADA Project.xml unknown vulnerability

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

CVE-2023-4986

CVE-2023-4986 affects Supcon InPlant SCADA up to 20230901. The vulnerability stems from an unknown function in Project.xml that results in under-computed password hashes. Exploitation requires local access and has high attack complexity, with disclosure already public. Multiple sources (NVD, Red ...

Supcon InPlant SCADA Security Vulnerability

Supcon InPlant SCADA is a SCADA program from China Zhongguancun Technology Supcon. A security vulnerability exists in Supcon InPlant SCADA that stems from the presence of an unknown function in Project.xml that results in an under-computed password hash...

PT-2023-5277 · Supcon · Supcon Inplant Scada

Name of the Vulnerable Software and Affected Versions: Supcon InPlant SCADA up to 20230901 Description: A problematic vulnerability was found in the Supcon InPlant SCADA system, related to insufficient computational effort in password hash when loading project files. This could allow an attacker ...

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

CVE-2023-41646

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/...

CVE-2023-41646

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/...

CVE-2023-41646

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/...

Buttercup Security Breach

Buttercup is a password manager. A security vulnerability exists in Buttercup version v2.20.3. An attacker can exploit this vulnerability to obtain the hash value of the password manager's master password by accessing the file /vaults.json/...

CVE-2023-41646

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/...

Digi RealPort Protocol

1. EXECUTIVE SUMMARY ​CVSS v3 9.0 ​ATTENTION: Exploitable remotely ​Vendor: Digi International, Inc. ​Equipment: Digi RealPort Protocol ​Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow the...

PT-2023-5295 · Digi · Digi Realport

Name of the Vulnerable Software and Affected Versions: Digi RealPort affected versions not specified Description: The issue is related to the use of a password hash instead of the password itself for authentication, which can be exploited by an attacker to compromise the target system. It is also...

FixBook Repair Shop Management Tool 3.0 Hash Disclosure

==================================================================================================================================== | Title : FixBook - Repair Shop Management Tool v3.0 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System (GMS) global network firewall management system lies in the use of a password hash instead of a password for authentication. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways is related to the use of a password hash instead of a password for authentication. Exploiting this vulnerability allows a malicious actor to compromise the...

Information Disclosure

github.com/kubeoperator/kubepi is vulnerable to Information Disclosure. The vulnerability exists because the password hash is not properly restricted to authenticated users which allows an attacker to gain access to sensitive information such as a password hash...

PT-2023-9331 · Unknown · Masterscada

Name of the Vulnerable Software and Affected Versions: MasterSCADA affected versions not specified Description: The issue is related to insufficient protection of service data in the MasterSCADA SCADA system. Exploitation of this issue may allow an attacker to gain unauthorized access to the...

Design/Logic Flaw

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

GHSA-87F6-8GR7-PC6H KubePi may leak password hash of any user

Summary http://kube.pi/kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password of any user including admin. This leads to password crack attack PoC https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview Impact - Leaking confidential information. - Can lead to password...