170 matches found

NVD
added 2022/04/30 10:15 p.m. · 27 views

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVSS: 7.7 · EPSS: 0.0046
Exploits: 0 · References: 2

Prion
added 2022/04/30 10:15 p.m. · 18 views

Design/Logic Flaw

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVSS: 1.9 · AI score: 5.5 · EPSS: 0.0046
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2022/04/30 10:15 p.m. · 14 views

Design/Logic Flaw

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

CVSS: 1.9 · AI score: 5.1 · EPSS: 0.00231
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2022/04/30 10:15 p.m. · 16 views

Design/Logic Flaw

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

CVSS: 1.9 · AI score: 4.8 · EPSS: 0.00231
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/04/30 9:15 p.m. · 86 views

CVE-2021-41994

The CVE-2021-41994 entry concerns PingID: an RSA misconfiguration in the PingID iOS app prior to 1.19. This flaw enables pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. Affected component: PingID iOS app (pre-1.19); root cause: RSA misconfigurati...

CVSS: 6.6 · AI score: 5.1 · EPSS: 0.00231
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2022/04/30 9:15 p.m. · 15 views

CVE-2021-41994 PingID iOS mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

CVSS: 6.6 · AI score: 6.4 · EPSS: 0.00231
Exploits: 0 · References: 2

CVE
added 2022/04/30 9:15 p.m. · 87 views

CVE-2021-41993

CVE-2021-41993 affects PingID Android app versions prior to 1.19 due to a misconfiguration of RSA. The flaw enables pre-computed dictionary attacks that can cause an offline MFA bypass when using PingID Windows Login. Public references in NVD/CVE records confirm the vulnerability and its impact a...

CVSS: 6.6 · AI score: 5.2 · EPSS: 0.00231
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2022/04/30 9:15 p.m. · 17 views

CVE-2021-41993 PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login...

CVSS: 6.6 · AI score: 6.6 · EPSS: 0.00231
Exploits: 0 · References: 2

CVE
added 2022/04/30 9:15 p.m. · 78 views

CVE-2021-41992

CVE-2021-41992 relates to an RSA misconfiguration in PingID Windows Login prior to version 2.7, making it susceptible to pre-computed dictionary attacks and enabling an offline MFA bypass. The Red Hat and NVD entries confirm the same description across multiple sources. Affected software is PingID...

CVSS: 7.7 · AI score: 5.8 · EPSS: 0.0046
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/04/30 12:0 a.m. · 4 views

PT-2022-11522 · Ping Identity · Pingid Windows Login

Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.7 Description: A misconfiguration of RSA in PingID Windows Login is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. Recommendations: For versions prior to 2.7, update t...

CVSS: 7.7 · AI score: 5.5 · EPSS: 0.0046
Exploits: 0 · References: 6

Schneier on Security
added 2021/08/06 11:44 a.m. · 49 views

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...

AI score: 0.8
Exploits: 0

OSV
added 2021/07/21 3:15 p.m. · 4 views

CVE-2021-22774

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...

CVSS: 7.5 · AI score: 7.1
Exploits: 0 · References: 1

NVD
added 2021/07/21 3:15 p.m. · 16 views

CVE-2021-22774

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...

CVSS: 7.5 · EPSS: 0.00799
Exploits: 0 · References: 1

Cvelist
added 2021/07/21 10:45 a.m. · 20 views

CVE-2021-22774

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...

AI score: 7.7 · EPSS: 0.00799
Exploits: 0 · References: 1

CVE
added 2021/07/21 10:45 a.m. · 57 views

CVE-2021-22774

CVE-2021-22774 affects Schneider Electric EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EV.2), and EVlink Smart Wallbox (EVB1A) with all versions prior to R8 V3.4.0.1. The issue is CWE-759: Use of a One-Way Hash without a Salt, which could allow an attacker to recover charging-stati...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.00799
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2021/05/20 8:15 p.m. · 10 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

CVSS: 7.5 · EPSS: 0.00412
Exploits: 1 · References: 1

Prion
added 2021/05/20 8:15 p.m. · 10 views

Design/Logic Flaw

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

CVSS: 5 · AI score: 7.3 · EPSS: 0.00412
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/05/20 7:55 p.m. · 11 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

AI score: 7.4 · EPSS: 0.00412
Exploits: 1 · References: 1

OSV
added 2021/01/21 3:15 p.m. · 8 views

CVE-2021-21253

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...

CVSS: 5.3 · AI score: 6.7
Exploits: 0 · References: 2

Prion
added 2021/01/21 3:15 p.m. · 13 views

Information disclosure

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...

CVSS: 5 · AI score: 5.3 · EPSS: 0.00736
Exploits: 0 · References: 2 · Affected Software: 1