703 matches found
CVE-2005-2281
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords...
Passwords in the age of AI: We need to find alternatives
For decades, passwords have been our default method for keeping online accounts safe. But in the age of artificial intelligence, this traditional security method is facing challenges it was never built to withstand. A team at Cybernews conducted a study of over 19 billion newly exposed passwords...
The vulnerability of the INDIGO testing system lies in the absence of restrictions on authentication attempts. This allows a perpetrator to carry out an attack using brute-force methods—automated password retrieval.
The vulnerability of the INDIGO testing system is related to the absence of restrictions on authentication attempts. Exploiting this vulnerability allows a perpetrator, operating remotely, to carry out an attack using brute-force methods automated password cracking...
Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞
Inaba Denki Sangyo CHOCO TEI WATCHER mini is a series of surveillance cameras from Inaba Denki Sangyo. A security vulnerability exists in Inaba Denki Sangyo CHOCO TEI WATCHER mini, which stems from a weak password requirement that could lead to an attacker obtaining a user's password via brute...
End-to-End Encrypted Texts Between Android and iPhone Are Coming
Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret and problematic cofounder is revealed, and more...
Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
Three Password Cracking Techniques and How to Defend Against Them
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracki...
CVE-2025-26410
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26410
Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...
CVE-2025-26410 Weak Hard-coded Credentials
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26410 Weak Hard-coded Credentials
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
Wattsense Bridge 安全漏洞
Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. Wattsense Bridge has a security vulnerability that stems from the fact that user passwords can be easily recovered through password cracking attempts...
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...
CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...
CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...
NTP Timeroast
Windows authenticates NTP requests by calculating the message digest using the NT hash followed by the first 48 bytes of the NTP message all fields preceding the key ID. An attacker can abuse this to recover hashes that can be cracked offline for machine and trust accounts. The attacker must know...
Percona Toolkit 安全漏洞
Percona Toolkit is a series of advanced command line tools from Percona Corporation, USA. A security vulnerability exists in Percona Toolkit version 3.6.0 that stems from a password hash vulnerability that allows cryptographic brute force cracking using insufficient computational effort...
CVE-2020-11916
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased...
CVE-2019-20457
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...