1753 matches found
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command...
CVE-2021-3179
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...
Authentication flaw
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...
CVE-2021-3179
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...
CVE-2021-3179
CVE-2021-3179 concerns the GGLocker iOS app, where an insecure data storage of the password hash enables an authentication bypass. The entry is corroborated by multiple sources in connected documents (NVD, Red Hat, CVE lists). Affected software: GGLocker iOS application. Underlying issue: insecur...
PT-2021-6785 · Mitsubishi · Melsec Q Series Q03/04/06/13/26Udvcpu +20
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...
PT-2021-6786 · Mitsubishi · Melsec Q Series Q03/04/06/13/26Udvcpu +21
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...
PT-2021-6790 · Mitsubishi · Melsec Iq-R Series Rj71Gf11-T2 +22
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...
PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules
The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform...
PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash
The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a weak password hash. Exploiting the vulnerability may allow an attacker to use the resulting hash value to recover the password value. Advisory status 15.12.202...
PT-2021-08: Possibility of authorization in Remote Password mechanism using password hash in FX5U(C) CPU and FX5UJ CPU modules
Exploiting the vulnerability of the FX5UC CPU and FX5U CPU modules of Mitsubishi Electric FA products may allow an attacker to perform authorization in Remote Password mechanism using password hash Advisory status 15.12.2021 - Vendor gets vulnerability details 31.03.2022 - Security advisory...
389 security update
CentOS Errata and Security Advisory CESA-2021:3807 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS 7 : 389-ds-base (RHSA-2021:3807)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory. - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any passwo...
CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 Encryption Error Vulnerability
The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 is a portable cardiac rhythm management Crm programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 is vulnerable to an encryption error that could...
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2021:3807)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3807-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but has...
Access Restriction Bypass
py-bcrypt is vulnerable to Improper Access Control. The vulnerability exists due to improper handling of concurrent memory access in py-bcrypt module which triggers password hash overwriting, allowing an attacker to bypass security restrictions...