Lucene search
K

703 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 6:30 p.m.5 views

CVE-2005-2281

WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords...

7.5CVSS6.9AI score0.00797EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/05/08 1:17 p.m.54 views

Passwords in the age of AI: We need to find alternatives

For decades, passwords have been our default method for keeping online accounts safe. But in the age of artificial intelligence, this traditional security method is facing challenges it was never built to withstand. A team at Cybernews conducted a study of over 19 billion newly exposed passwords...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/06 12:0 a.m.5 views

The vulnerability of the INDIGO testing system lies in the absence of restrictions on authentication attempts. This allows a perpetrator to carry out an attack using brute-force methods—automated password retrieval.

The vulnerability of the INDIGO testing system is related to the absence of restrictions on authentication attempts. Exploiting this vulnerability allows a perpetrator, operating remotely, to carry out an attack using brute-force methods automated password cracking...

7.8CVSS5.5AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞

Inaba Denki Sangyo CHOCO TEI WATCHER mini is a series of surveillance cameras from Inaba Denki Sangyo. A security vulnerability exists in Inaba Denki Sangyo CHOCO TEI WATCHER mini, which stems from a weak password requirement that could lead to an attacker obtaining a user's password via brute...

9.8CVSS9.3AI score0.00827EPSS
Exploits0References5
Wired Threat Level
Wired Threat Level
added 2025/03/15 10:30 a.m.9 views

End-to-End Encrypted Texts Between Android and iPhone Are Coming

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret and problematic cofounder is revealed, and more...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/03/03 7:55 p.m.11 views

Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

4.8CVSS7.6AI score0.00146EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/28 5:26 p.m.9 views

CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...

4.8CVSS5.1AI score0.00146EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/02/26 10:56 a.m.17 views

Three Password Cracking Techniques and How to Defend Against Them

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracki...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/13 12:36 p.m.14 views

CVE-2025-26410

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

9.8CVSS7.2AI score0.00663EPSS
Exploits1References1
CVE
CVE
added 2025/02/11 9:20 a.m.696 views

CVE-2025-26410

Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...

9.8CVSS9.6AI score0.00663EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/11 9:20 a.m.11 views

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

9.8AI score0.00663EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/11 9:20 a.m.21 views

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

0.00663EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.4 views

Wattsense Bridge 安全漏洞

Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. Wattsense Bridge has a security vulnerability that stems from the fact that user passwords can be easily recovered through password cracking attempts...

9.8CVSS9.2AI score0.00663EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/01/28 10:30 a.m.17 views

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...

7.5AI score
Exploits0
OSV
OSV
added 2025/01/04 2:15 a.m.5 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5CVSS5.7AI score0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.8 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5AI score0.00347EPSS
Exploits0References1
Metasploit
Metasploit
added 2024/12/20 6:55 p.m.515 views

NTP Timeroast

Windows authenticates NTP requests by calculating the message digest using the NT hash followed by the first 48 bytes of the NTP message all fields preceding the key ID. An attacker can abuse this to recover hashes that can be cracked offline for machine and trust accounts. The attacker must know...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2024/12/15 12:0 a.m.5 views

Percona Toolkit 安全漏洞

Percona Toolkit is a series of advanced command line tools from Percona Corporation, USA. A security vulnerability exists in Percona Toolkit version 3.6.0 that stems from a password hash vulnerability that allows cryptographic brute force cracking using insufficient computational effort...

7.5CVSS6.7AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/11/07 6:15 p.m.3 views

CVE-2020-11916

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased...

6.3CVSS5.8AI score0.00474EPSS
Exploits1References2
NVD
NVD
added 2024/11/07 6:15 p.m.15 views

CVE-2019-20457

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...

9.1CVSS0.00734EPSS
Exploits0References4
Rows per page
Query Builder