282 matches found
bcrypt encryption problem vulnerability
bcrypt is a library used in Node.js for encrypting passwords. An encryption issue vulnerability exists in versions of bcrypt prior to 5.0.0. The vulnerability stems from a networked system or product that does not properly use the relevant cryptographic algorithm, resulting in content that is not...
Insecure Encryption
Overview: bcrypt is a library to help you hash passwords. Affected versions of this package are vulnerable to Insecure Encryption. Data is truncated incorrectly when its length is greater than 255 bytes. Remediation: Upgrade bcrypt to version 5.0.0 or higher. References - GitHub Issue - GitHub PR 1 -...
GHSA-H362-M8F2-5X7C Password Hashing: Do not use MD5
Impact User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...
Password Hashing: Do not use MD5
Impact User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2020-5229
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
Default credentials
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
CVE-2020-5229 Opencast stores passwords using outdated MD5 hash algorithm
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...
DEBIAN-CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
Authentication flaw
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
PYSEC-2020-249
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
UBUNTU-CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
PYSEC-2020-249
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
CVE-2013-1895
The CVE-2013-1895 entry concerns the py-bcrypt package for Python, specifically before version 0.3. The issue is a race/concurrency flaw: the module does not properly handle concurrent memory access, which allows attackers to bypass authentication by issuing multiple authentication attempts that ...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
Cryptographic Issues
Overview: bcrypt is a library to help you hash passwords. Affected versions of this package are vulnerable to Cryptographic Issues. When hashing a password containing an ASCII NUL character, that character acts as the string terminator. Any following characters are ignored. Remediation: Upgrade...