202 matches found
Design/Logic Flaw
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear-text passwords and get root access on the device...
CVE-2018-15124
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear-text passwords and get root access on the device...
FreeBSD : typo3 -- multiple vulnerabilities (ef013039-89cd-11e8-84e9-00e04c1ea73d)
Typo3 core team reports: It has been discovered that TYPO3's Salted Password system extension, which is a mandatory system component, is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...
MyHeritage Says Over 92 Million User Accounts Have Been Compromised
MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, aft...
CVE-2017-9635
In Ampla MES, CVE-2017-9635 describes a vulnerability when users are configured to use Simple Security: a weakness in the password hashing algorithm could allow an attacker to reverse a user’s password. Affected products are Schneider Electric Ampla MES 6.4 and earlier. Impact details from the IC...
Easy Hosting Control Panel Database Password Cracking Vulnerability
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A security vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program's use of a weak hashing algorithm and the absence of salt, which...
Design/Logic Flaw
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
Easy Hosting Control Panel EHCP v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt...
CVE-2018-6619
CVE-2018-6619 affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The vulnerability stems from the use of a weak hashing algorithm without a salt for database passwords (e.g., MD5), making it easier for attackers to crack passwords. Multiple connected sources corroborate insecure cryptography a...
Insecure Randomness
django-oscar contains an insecure randomness vulnerability. The vulnerability exists as the verificationhash method in the AbstractOrder model uses the MD5 hashing algorithm in an insecure way which allows attackers to perform a brute force attack to recover the site-wide secret key...
CVE-2018-0875
It was found that string comparisons in .NET Core did not use a secure hashing algorithm. This could allow an attacker to predict string hashes and cause a denial of service by intentionally creating collisions, thus forcing long lookup times...
SMA Solar Technology inverter weak password vulnerability
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter that stems from the inverter's use of a weak hashing algorithm. The vulnerability can be exploited by an attacker to crack passwords...
CVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This...
CVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This...
CVE-2017-9859
CVE-2017-9859 concerns SMA Solar Technology inverters (Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30). The issue is use of a weak hashing algorithm to encrypt passwords for REGISTER requests, which can be cracked offline, enabling an attacker to recover the password and register at SMA s...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used a weak signing key or hash algorithm...
CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 9.0.2.2 use the deprecated MD5 hashing algorithm in a communications certificate...
CVE-2017-5186
CVE-2017-5186 affects Novell iManager and NetIQ eDirectory (versions listed in the CVE) and is due to the use of the deprecated MD5 hashing algorithm in a communications certificate. The connected SUSE entry reiterates the same affected products and patch level references. The provided sources do...
CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 9.0.2.2 use the deprecated MD5 hashing algorithm in a communications certificate...
Collision Attack
mongo-java-driver is vulnerable to collision attacks. These attacks are possible because it is using a non-collision-resistant hashing algorithm, MD5, in GridFSUploadStreamImpl.java to generate the digest of uploaded files. Note: Developers have mentioned this is a non-issue...