
43 matches found

NVD
added 2023/05/01 10:15 p.m. · 13 views

CVE-2023-29681

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...

CVSS 5.7 · AI score 5.5 · EPSS 0.00401
Exploits 1 · References 2

Vulnrichment
added 2023/05/01 12:00 a.m. · 7 views

CVE-2023-29681

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...

AI score 5.5 · EPSS 0.00401
Exploits 1 · References 2

CVE
added 2023/05/01 12:00 a.m. · 51 views

CVE-2023-29681

CVE-2023-29681 affects the Tenda N301 router (v6.0) with firmware v12.03.01.06_pt. The issue is cleartext transmission in the cookie ecos_pw, enabling an authenticated attacker on the LAN/WLAN to intercept router communications and obtain the password. Red Hat advisories corroborate the same cook...

CVSS 5.7 · AI score 5.5 · EPSS 0.00401
Exploits 1 · References 2 · Affected Software 1

The Hacker News
added 2023/02/01 3:14 a.m. · 60 views

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...

CVSS 9.8 · AI score 8.1 · EPSS 0.0171
Exploits 0

Positive Technologies
added 2021/06/03 12:00 a.m. · 3 views

PT-2021-19975 · Rockwell Automation · Micro800 +1

Name of the Vulnerable Software and Affected Versions: Micro800 versions All; MicroLogix 1400 versions 21 and later. Description: This issue allows an attacker to intercept and replace a legitimate new password hash with an illegitimate one during an authenticated password change request. This...

CVSS 7.5 · AI score 7.4 · EPSS 0.02188
Exploits 0 · References 4

NVD
added 2020/11/29 1:15 a.m. · 14 views

CVE-2020-29380

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a...

CVSS 5.9 · AI score 5.7 · EPSS 0.00474
Exploits 0 · References 1

CVE
added 2020/11/29 12:46 a.m. · 62 views

CVE-2020-29380

CVE-2020-29380 affects several V-SOL OLT devices (V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 with versions listed) where TELNET is offered by default and SSH is not consistently available. The root issue is cleartext password transmission enabling interception and a man-in-the-middle attack ...

CVSS 5.9 · AI score 5.6 · EPSS 0.00474
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/11/29 12:46 a.m. · 16 views

CVE-2020-29380

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a...

AI score 5.7 · EPSS 0.00474
Exploits 0 · References 1

CVE
added 2020/11/24 9:00 p.m. · 71 views

CVE-2020-29055

CVE-2020-29055 affects CDATA devices (multiple models: 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN...

CVSS 5.9 · AI score 5.7 · EPSS 0.00658
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2020/10/26 3:05 p.m. · 20 views

CVE-2020-7196

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdcadminpassword in the source file of the u...

AI score 6.5 · EPSS 0.0085
Exploits 0 · References 1

CVE
added 2020/10/08 1:37 p.m. · 200 views

CVE-2020-15646

This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...

CVSS 5.9 · AI score 6.3 · EPSS 0.00949
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/03/11 3:15 p.m. · 2 views

CVE-2019-9095

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...

CVSS 9.8 · AI score 6.6 · EPSS 0.00746
Exploits 0 · References 2

Prion
added 2020/03/11 3:15 p.m. · 9 views

Design/Logic Flaw

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...

CVSS 5 · AI score 9.5 · EPSS 0.00746
Exploits 0 · References 2 · Affected Software 6

CVE
added 2020/03/11 2:27 p.m. · 57 views

CVE-2019-9095

CVE-2019-9095 affects Moxa MGate MB31xx/MB32xx/MB36xx/MB3180 gateways. The vulnerability arises from use of a broken or risky cryptographic algorithm that may allow an attacker to intercept weakly encrypted passwords and gain administrative access. Affected firmware versions include MB3170/MB3270...

CVSS 9.8 · AI score 9.5 · EPSS 0.00746
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/14 12:00 a.m. · 2 views

The vulnerability in the implementation of the interaction protocol between the “ARM Reliezer” software and the “Server Communication” software of the EKRASMS-SP software suite allows a perpetrator to recover the password.

The vulnerability of the implementation of the interaction protocol between the “ARM Reliezer” software and the “Server Communication” software of the EKRASMS-SP suite lies in the absence of a hashing mechanism, as well as the presence of pre-set authentication data used for encrypting passwords...

CVSS 6.1 · AI score 5.5
Exploits 0 · Affected Software 3

OSV
added 2018/05/14 8:29 p.m. · 2 views

CVE-2017-12129

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them...

CVSS 8 · AI score 5.8 · EPSS 0.0071
Exploits 2 · References 1

CNVD
added 2018/04/19 12:00 a.m. · 8 views

Moxa EDR-810 Weak Password Vulnerability

The Moxa EDR-810 is an industrial security router with firewall/NAT/VPN and managed Layer 2 switch functionality. It is designed for Ethernet-based security applications in remote control or monitoring networks. A weak password vulnerability exists in the web server functionality of the Moxa...

CVSS 8 · AI score 7.2 · EPSS 0.0071
Exploits 2 · References 1

CNVD
added 2017/08/25 12:00 a.m. · 2 views

ZTE ADSL ZXV10 W300 Password Interception Vulnerability

The ZTE ADSL ZXV10 W300 is an ADSL modem product from China's ZTE Corporation. A security vulnerability exists in versions W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 of the ZTE ADSL ZXV10 W300. A remote attacker can exploit this vulnerability to change the administrator password by...

CVSS 8.5 · AI score 7.8 · EPSS 0.0671
Exploits 5 · References 1

CNVD
added 2015/05/07 12:00 a.m. · 3 views

Zhejiang Dahua camera has authentication vulnerability

Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solutions, providing video storage, front-end, display control and intelligent transportation product lines worldwide. A man-in-the-middle attack-based authentication...

AI score 6.9
Exploits 0

myhack58
added 2010/02/17 12:00 a.m. · 95 views

Intercepting the system password by injecting into the Winlogon process

Original article by Komaki; please credit the source when reposting. Thank you. http://blog.hack.la QQ: 4 2 8 9 0 3 0 A. Winlogon.exe is a prerequisite process for user login. We will now use DLL injection to intercept the system login user name and password and other...

AI score 8.1
Exploits 0