74 matches found
Eaton easyE4 PLC Encryption Issue Vulnerability
The Eaton easyE4 PLC is a PLC from Eaton Corporation USA. A security vulnerability exists in the Eaton easyE4 PLC that stems from a weakly encoded algorithm used to store device passwords in program files...
PT-2023-28977 · Eaton · Eaton Easye4 Plc
Name of the Vulnerable Software and Affected Versions: Eaton easyE4 PLC, affected versions not specified. Description: The Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. However, it was observed that the device...
The vulnerability of the FTP server function of microprogrammed logic controllers MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, SW1DNN-EIPCTFX5-BD allows an intruder to gain unauthorized access to protected information.
The vulnerability of the FTP server functions of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD is related to the use of fixed password encoding. Exploiting this vulnerability can allow an intruder to gain unauthorized access to...
Vulnerability of EVlink City parking charging station software. EVlink Parking and EVlink Smart Wallbox, which rely on rigid password encoding, allow intruders to obtain unauthorized administrative privileges.
Vulnerability of EVlink City parking charging station software. EVlink Parking and EVlink Smart Wallbox utilize strict password encoding. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized administrative privileges...
CVE-2022-34445
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure...
Information disclosure
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure...
Dell PowerScale OneFS Encryption Issue Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is vulnerable to an encryption issue stemming from a weak encoding of passwords. A malicious, locally privileged attacker could exploit this vulnerability to cause information disclosure...
PT-2023-13405 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.3.x. Description: The issue concerns a weak encoding for a password in Dell PowerScale OneFS. A malicious local privileged attacker may potentially exploit this, leading to information disclosure...
CVE-2022-45099
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise...
CVE-2022-45099
Dell PowerScale OneFS (versions 8.2.x–9.4.x) contains a weak encoding for the NDMP password. This local, privileged-access vulnerability could allow a full system compromise. Mitigations from PT-2022-6324 include disabling the NDMP password feature until a patch is available, restricting privileg...
The vulnerability of the Moxa MXView network control software, related to the use of rigid password encoding, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Moxa MXView network control software lies in the use of fixed password encoding schemes. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected information by using the default passwords...
The vulnerability of the QES operating system, related to the use of strict password encoding, allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the QES operating system is related to the use of fixed password encoding. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary code...
AdRem NetCrunch Trust Management Issues Vulnerability
AdRem NetCrunch is a device monitoring software from the American company AdRem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. AdRem NetCrunch 10.6.0.4587 suffers from a Trust Management Issue...
Rockwell Automation FactoryTalk View SE Password Weak Encoding Vulnerability
Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. A weak password encoding vulnerability exists in Rockwell Automation FactoryTalk View SE, which can be exploited by an attacker to gain full access to a user's operating system and...
PT-2020-9625 · Red Hat · Business Central
Name of the Vulnerable Software and Affected Versions: business-central as shipped in rhdm-7.5.1; business-central as shipped in rhpam-7.5.1. Description: A vulnerability was found in business-central where encoded passwords are stored in errai security context. The encoding used for storing the...
Business-central: Encrypted password shown under Object id 7 of errai_security_context
A vulnerability was found in business-central where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed...
Timing Attack
pac4j-sql is vulnerable to a timing attack. The password encoding of an authentication request is performed after a user is found. This causes a delay and provides a hint to an attacker if the user exists...