GHSA-H7WF-JG4F-X2WC TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a...
GHSA-52J9-V3JC-9XGC Tryton allows users to read the hashed password
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
GHSA-R5C2-RXH2-F5H2 Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
jasypt before 1.9.2 allows a timing attack against the password hash comparison...
GHSA-FH32-35W2-RXCC Use of Password Hash With Insufficient Computational Effort in Apache Derby
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to...
Mitsubishi Electric FA Products Use of Password Hash Instead of Password For Authentication (CVE-2022-25157)
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the...
Mitsubishi Electric FA Products Cleartext Storage of Sensitive Information (CVE-2022-25158)
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext. This...
Mitsubishi Electric FA Products Use of Password Hash Instead of Password For Authentication (CVE-2022-25155)
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdroppe...
CVE-2021-36460
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the user’s password locally on the device and uses that hash to authenticate in all backend API communications (login, registration, password changes). An attacker who obtains the hash can take over the user’s account, nullifying the benefit of pass...
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
Default configuration
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
PT-2022-10515 · Unknown · Veryfitpro
Name of the Vulnerable Software and Affected Versions: VeryFitPro version 3.2.8 Description: The issue allows an attacker in possession of a hashed password to take over a user's account. This is because the password is hashed locally on the device and the hash is used for authentication with the...
CVE-2021-45841
TerraMaster F4-210 and F2-210 running TOS 4.2.x (4.2.15-2107141517) are affected by CVE-2021-45841, enabling an attacker to self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest accounts (disabled by default) can be abused with a null/empty hash to log ...
PT-2022-12430 · Terramaster · Terramaster F2-210 +2
Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS versions 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to self-sign session cookies if they know the target's MAC address and the user's password hash. Additionally, guest users, which are...
TerraMaster FS-210 Trust Management Issue Vulnerability
The TerraMaster FS-210 is a NAS (network attached storage) device from Terramaster Electronics Technology, a company based in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS version 4.2.X 4.2.15-2107141517, which can be exploited to allow an attacker to...
Exploit for Improper Authentication in Veryfitpro_Project Veryfitpro
CVE-2021-36460 NVD CVE-2021-36460: https://nvd.nist.gov/vuln/...