
1748 matches found

OSV
added 2023/06/15 8:15 p.m. | 3 views

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.04421
Exploits: 4 | References: 2

NVD
added 2023/06/15 8:15 p.m. | 56 views

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.04421
Exploits: 4 | References: 2

CVE
added 2023/06/15 12:00 a.m. | 71 views

CVE-2023-33243

Summary: CVE-2023-33243 affects STARFACE web interface and REST API, where authentication is possible using the SHA-512 password hash instead of the cleartext password. The issue originates from allowing hash-based authentication rather than requiring the actual password, enabling potential accou...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.04421
Exploits: 4 | References: 2 | Affected Software: 1

OSV
added 2023/06/13 9:15 a.m. | 2 views

CVE-2023-33920

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.00364
Exploits: 1 | References: 3

Veracode
added 2023/06/08 6:52 a.m. | 21 views

Password Hash Disclosure

pimcore/customer-management-framework-bundle is vulnerable to Password Hash Disclosure. The vulnerability exists due to the getDetailviewData function of DefaultCustomerView.php because it does not properly mask user password hashes, which allows an attacker to crack the password hash and gain...

CVSS: 4.9 | AI score: 7.1 | EPSS: 0.00547
Exploits: 0 | References: 3 | Affected Software: 1

Exploit DB
added 2023/06/04 12:00 a.m. | 334 views

STARFACE 7.3.0.10 - Authentication with Password Hash Possible

Exploit Title: STARFACE 7.3.0.10 - Authentication with Password Hash Possible
Affected Versions: 7.3.0.10 and earlier versions
Fixed Versions: -
Vulnerability Type: Broken Authentication
Security Risk: low
Vendor URL: https://www.starface.de
Vendor Status: notified
Advisory URL:...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.04421
Exploits: 4

Positive Technologies
added 2023/06/01 12:00 a.m. | 8 views

PT-2023-24239 · Starface · Starface

Name of the Vulnerable Software and Affected Versions: STARFACE affected versions not specified
Description: The web interface and REST API of STARFACE allow authentication using the SHA512 hash of the password instead of the cleartext password. This practice renders the protection of storing...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.04421
Exploits: 4 | References: 7

Packet Storm
added 2023/06/01 12:00 a.m. | 390 views

STARFACE 7.3.0.10 Broken Authentication

Advisory: STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext...

AI score: 7.1 | EPSS: 0.04421
Exploits: 4

0day.today
added 2023/06/01 12:00 a.m. | 379 views

STARFACE 7.3.0.10 Broken Authentication Exploit

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.04421
Exploits: 4

NVD
added 2023/05/15 11:15 a.m. | 16 views

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.0071
Exploits: 0 | References: 3

OSV
added 2023/05/15 11:15 a.m. | 6 views

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0071
Exploits: 0 | References: 3

ATTACKERKB
added 2023/05/15 11:15 a.m. | 6 views

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0071
Exploits: 0 | References: 4

Prion
added 2023/05/15 11:15 a.m. | 14 views

Default credentials

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.0071
Exploits: 0 | References: 3 | Affected Software: 7

CVE
added 2023/05/15 10:55 a.m. | 57 views

CVE-2023-23450

The CVE-2023-23450 issue concerns the SICK FTMg AIR FLOW SENSOR family (part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526). A vulnerability allows an unprivileged remote attacker to log into a valid user account by providing a password hash instead of a real password via ...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0071
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/05/15 10:55 a.m. | 10 views

CVE-2023-23450

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to log in to a valid user account via...

CVSS: 6.2 | AI score: 7.3 | EPSS: 0.0071
Exploits: 0 | References: 3

CNNVD
added 2023/05/15 12:00 a.m. | 4 views

SICK FTMg authorization issue vulnerability

SICK FTMg is a flow sensor from SICK, Germany. A security vulnerability exists in the SICK FTMg AIR FLOW SENSOR that stems from authentication using a password hash instead of a password, allowing an unprivileged remote attacker to log in to a valid user account via the REST interface using the...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.0071
Exploits: 0 | References: 4

Huntr
added 2023/05/02 2:41 p.m. | 32 views

all user password hash is disclosed

Proof of Concept login to admin account and then visit https://demo.pimcore.fun/admin/customermanagementframework/customers/detail?id=1016&filteroperator-customer=AND&filteroperator-segments=AND&filtershowSegments0=832&filtershowSegments1=833&filtershowSegments2=874&filterDefinitionid=1 able to...

CVSS: 3.3 | AI score: 7.1 | EPSS: 0.00547
Exploits: 0

NVD
added 2023/05/02 1:15 p.m. | 54 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00929
Exploits: 0 | References: 3

Prion
added 2023/05/02 1:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVSS: 4 | AI score: 7.5 | EPSS: 0.00929
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/05/02 12:00 p.m. | 52 views

CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.00929
Exploits: 0 | References: 3