25 matches found
GHSA-RH28-MQJ4-8X59 XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
Impact: XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the LiveTableResults, it is still possible to discover password hashes one bit at a time, so with 768 requests, the full password salt and hash can be retrieved of a user...
CVE-2026-5088
Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...
PT-2026-33009
Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The make salt and make salt bcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simpl...
EUVD-2010-5043
Malware in sbrugna...
TencentOS Server 4: harbor (TSSA-2025:0676)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0676 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
SUSE CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...
Harbor security vulnerability
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control, ensuring that images are scanned and are not vulnerable, and signing images as trusted. A security vulnerability exists in Harbor versions prior to 2.13.1 and prior t...
freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...
CVE-2021-35234
Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information...
PT-2021-20856 · Solarwinds · Solarwinds Network Performance Monitor
Name of the Vulnerable Software and Affected Versions: SolarWinds Network Performance Monitor (affected versions not specified). Description: The issue involves numerous exposed dangerous functions within Orion Core, allowing for read-only SQL injection and leading to privilege escalation. An...
CVE-2018-13063
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts...
Ubuntu 15.04 : cyrus-sasl2 vulnerability (USN-2755-1)
It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
USN-2755-1: Cyrus SASL vulnerability
It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service...
DSA-3368-1 cyrus-sasl2 - security update
Bulletin has no description...
[USN-1988-1] Cyrus SASL vulnerability
Ubuntu Security Notice USN-1988-1, October 09, 2013: cyrus-sasl2 vulnerability. A security issue affects these releases of Ubuntu and its derivatives:...