661 matches found
[SECURITY] Fedora 42 Update: libsodium-1.0.21-2.fc42
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...
[SECURITY] Fedora 43 Update: libsodium-1.0.21-2.fc43
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...
CVE-2019-20138
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's cryptopwhashstr is not used...
CVE-2025-67279
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format...
EUVD-2025-202613
The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...
CVE-2025-65831
The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...
CVE-2025-65831
The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...
CVE-2025-65831
CVE-2025-65831 is documented across multiple sources as involving insecure MD5-based password hashing that could enable credential cracking and unauthorized account access if hashes are obtained. A concrete product reference appears in CNNVD: Meatmeet Pro App v1.1.2.0 uses MD5 for password hashin...
CVE-2025-46413
CVE-2025-46413 affects BUFFALO WSR-1800AX4 series Wi‑Fi routers. The issue is use of a password hash with insufficient computational effort (CWE-916) when WPS is enabled, potentially allowing an attacker to obtain the PIN and/or Wi‑Fi password. Public documents identify the affected component as ...
CVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
BUFFALO WSR-1800AX4 Series 安全漏洞
BUFFALO WSR-1800AX4 Series is a series of WiFi routers from BUFFALO Japan. A security vulnerability exists in the BUFFALO WSR-1800AX4 Series that stems from an insufficient password hash calculation, which could lead to the PIN and Wi-Fi password being obtained by an attacker...
PT-2025-45414
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router WSR-1800AX4 series affected versions not specified Description A weakness exists related to the use of a password hash with insufficient computational effort in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When Wi-Fi Protect...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-25298 Missing Maximum Password Length Validation in Strapi Password Hashing
Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can create an account...
CVE-2025-25298 Missing Maximum Password Length Validation in Strapi Password Hashing
Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can create an account...
Hash Chaining Degrades Security at Facebook
Modern web and digital application password storage relies on password hashing for storage and security. Ad-hoc upgrade of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme...
EUVD-2015-2018
Malware in sbrugna...
EUVD-2014-3879
Malware in sbrugna...
EUVD-2017-18566
Malware in sbrugna...
EUVD-2017-2766
Malware in sbrugna...