CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

Fortinet Fortigate Weak key derivation for backup file (FG-IR-23-423)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. - A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and...

Franklin Fueling System TS-550

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...

Design/Logic Flaw

A use of password hash with insufficient computational effort vulnerability CWE-916 in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...

CVE-2022-26115

Fortinet FortiSandbox is affected by CVE-2022-26115 due to a use of a password hash with insufficient computational effort (CWE-916) prior to version 4.2.0. An attacker with access to the password database could mount bulk guessing attacks to recover passwords. Connected sources confirm the issue...

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command...

Delta Electronics DIAEnergie (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, Unrestricted Upload of Fil...

Baker Hughes Bently Nevada 3500

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada, a Baker Hughes subsidiary Equipment: 3500 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This advisory was originally posted to the...

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to...

Cogent DataHub Vulnerabilities

OVERVIEW Independent researcher Alain Homewood has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent Real-Time Systems has produced a new version that mitigates three of the four identified vulnerabilities; they have recommended a mitigation for the...