Lucene search

202 matches found

Vulnrichment
added 2025/03/14 12:53 p.m. · 6 views

CVE-2025-27595 Weak hashing algorithm

The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device...

CVSS 9.8 · AI score 9.5 · EPSS 0.00097
Exploits 0 · References 7
CVE
added 2025/03/14 12:53 p.m. · 46 views

CVE-2025-27595

CVE-2025-27595 concerns SICK DL100-2xxxxxxx devices where a weak password hash algorithm is used. The vulnerability allows an attacker to derive a matching password due to the weak hashing, impacting confidentiality, integrity, and availability. The CVSS 3.1 score is 9.8 (Network attack, no user ...

CVSS 9.8 · AI score 9.5 · EPSS 0.00097
Exploits 0 · References 7
Github Security Blog
added 2025/03/03 7:55 p.m. · 8 views

Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

CVSS 4.8 · AI score 7.6 · EPSS 0.00059
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/01/30 8:15 p.m. · 6 views

CVE-2024-10026

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances...

CVSS 6.3 · EPSS 0.00049
Exploits 1 · References 4
OSV
added 2025/01/30 8:15 p.m. · 2 views

CVE-2024-10026

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 4
Vulnrichment
added 2025/01/30 7:12 p.m. · 6 views

CVE-2024-10026 Improved Seeding and Hashing In gVisor

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances...

CVSS 6.3 · AI score 6.5 · EPSS 0.00049
Exploits 1 · References 4
Positive Technologies
added 2025/01/06 12:0 a.m. · 1 views

PT-2025-4294 · Unknown · Langchain4J-Aideepin

Name of the Vulnerable Software and Affected Versions: LangChain4j-AIDeepin versions prior to 3.5.0 Description: LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to version 3.5.0, it used MD5 to hash files, which may cause file upload conflicts. Recommendations: For...

CVSS 6.9 · AI score 7.2 · EPSS 0.00086
Exploits 0 · References 7
CNNVD
added 2024/12/12 12:0 a.m. · 1 views

Beego Security Vulnerability

Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego version 2.3.3, which stems from the use of MD5 as a hashing algorithm and is vulnerable to collision attacks...

CVSS 7.5 · AI score 7.4 · EPSS 0.00235
Exploits 0 · References 2
NVD
added 2024/10/18 8:15 a.m. · 17 views

CVE-2023-6056

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...

CVSS 8.6 · EPSS 0.00163
Exploits 0 · References 1
Tenable Nessus
added 2024/10/15 12:0 a.m. · 12 views

Festo CODESYS V3 Products Use of Password Hash With Insufficient Computational Effort (CVE-2020-12069)

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. This plugin...

CVSS 7.8 · AI score 8.3 · EPSS 0.0006
Exploits 0 · References 5
CVE
added 2024/09/25 12:0 a.m. · 35 views

CVE-2024-22892

OpenSlides 4.0.15 is affected by a vulnerability due to using a weak hashing algorithm for password storage. The CVE-2024-22892 entry, with a CVSS v3.1 base score of 7.5 (HIGH), indicates network attack potential with low complexity and no privileges required. The issue targets the password hashi...

CVSS 7.5 · AI score 7.2 · EPSS 0.00176
Exploits 0 · References 1 · Affected Software 1
Securelist
added 2024/09/09 7:0 a.m. · 10 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

AI score 7.3
Exploits 0
Positive Technologies
added 2024/09/05 12:0 a.m. · 1 views

PT-2024-9166 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Server versions prior to 30.0.0 Description: The issue is related to the use of a reversible one-way hash function in Nextcloud Server, which...

CVSS 9.8 · AI score 5.5 · EPSS 0.00824
Exploits 6 · References 94
The Hacker News
added 2024/08/09 5:41 a.m. · 40 views

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...

CVSS 10 · AI score 8.6 · EPSS 0.91469
Exploits 3
Positive Technologies
added 2024/08/01 12:0 a.m. · 2 views

PT-2024-29336 · Navidrome · Navidrome

Name of the Vulnerable Software and Affected Versions: Navidrome version 0.52.3 Description: The issue concerns the use of an insecure hashing algorithm, specifically MD5, in the Gravatar service of Navidrome. This allows attackers to manipulate a user's account information. Recommendations: For...

CVSS 9.1 · AI score 6 · EPSS 0.00188
Exploits 0 · References 10
Cvelist
added 2024/06/24 7:11 a.m. · 24 views

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

CVSS 6 · EPSS 0.00117
Exploits 0 · References 1
Securelist
added 2024/06/18 11:30 a.m. · 15 views

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

AI score 6.9
Exploits 0
OSV
added 2024/06/05 4:52 p.m. · 3 views

GHSA-6F9M-V7MP-7JJQ Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

AI score 6.9
Exploits 0 · References 3
Github Security Blog
added 2024/05/30 1:49 p.m. · 11 views

TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

AI score 6.9
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2024/05/14 6:31 p.m. · 13 views

PHP Censor uses a weak hashing algorithm for the remember me key

php-censor v2.1.4 (fixed in v2.1.5) was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...

CVSS 5.3 · AI score 6.9 · EPSS 0.00076
Exploits 0 · References 4 · Affected Software 1