
202 matches found

CNNVD
added 2023/04/04 12:0 a.m. · 1 view

ChurchCRM Security Feature Issue Vulnerability

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3 that stems from the program's hashing algorithm utilizing non-random salt values. An attacker exploiting this vulnerability could break a hashed password by using a pre-computed hash...

7.5 CVSS · 7.3 AI score · 0.00319 EPSS
Exploits 1 · References 2

CVE
added 2023/04/04 12:0 a.m. · 32 views

CVE-2023-26855

CVE-2023-26855 concerns ChurchCRM v4.5.3, where the hashing algorithm uses a non-random salt. This weakens password security because attackers could leverage precomputed hash tables or dictionary attacks to crack hashes. The related documents consistently identify the vulnerable component as the ...

7.5 CVSS · 7.4 AI score · 0.00319 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/04/04 12:0 a.m. · 14 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

7.7 AI score · 0.00319 EPSS
Exploits 1 · References 1

Veracode
added 2023/03/07 12:49 a.m. · 25 views

Collision Attack

jenkins-2-plugins is vulnerable to Collision Attacks. The vulnerability is possible because it uses the weak hashing algorithm, SHA-1 to store whole-script approvals, making it vulnerable to collision attacks...

7.5 CVSS · 7.5 AI score · 0.00362 EPSS
Exploits 0 · References 6 · Affected Software 1

CVE
added 2022/12/26 12:0 a.m. · 63 views

CVE-2020-12069

CVE-2020-12069 affects CODESYS V3 products containing CmpUserMgr prior to version 3.5.16.0. The CODESYS Control runtime stores online communication passwords using a weak hashing algorithm, enabling a local attacker with low privileges to gain full control of the device. Publicly documented produ...

7.8 CVSS · 7.8 AI score · 0.0006 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/12/26 12:0 a.m. · 15 views

CVE-2020-12069 CODESYS V3 prone to Inadequate Password Hashing

In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...

7.8 CVSS · 9.3 AI score · 0.0006 EPSS
Exploits 0 · References 4

Prion
added 2022/11/29 9:15 p.m. · 10 views

Design/Logic Flaw

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie...

5 CVSS · 5.2 AI score · 0.001 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/11/29 8:34 p.m. · 11 views

CVE-2022-4036 Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie...

5.3 CVSS · 6.1 AI score · 0.001 EPSS
Exploits 0 · References 3

Cvelist
added 2022/11/29 8:34 p.m. · 15 views

CVE-2022-4036 Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie...

5.3 CVSS · 6.1 AI score · 0.001 EPSS
Exploits 0 · References 3

WPVulnDB
added 2022/11/29 12:0 a.m. · 17 views

Appointment Hour Booking < 1.3.73 - CAPTCHA Bypass

The plugin does not have a strong hashing algorithm on the CAPTCHA secret, and displays it to the user via a cookie, which could allow them to bypass the protection in place...

5.3 CVSS · 2.5 AI score · 0.001 EPSS
Exploits 0 · Affected Software 1

CVE
added 2022/09/19 7:43 p.m. · 208 views

CVE-2022-29835

CVE-2022-29835 concerns WD Discovery: WD Discovery Desktop App on Mac and Windows prior to 4.4.396 are signed with an unsafe SHA-1 hashing algorithm, enabling potential forged certificate signatures and compromising user content confidentiality. The issue affects WD Discovery software prior to ve...

5.3 CVSS · 5.2 AI score · 0.00077 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/09/19 12:0 a.m. · 2 views

Western Digital WD Discovery Cryptographic Issue Vulnerability

Western Digital MyCloud Home is a personal storage device from Western Digital. Western Digital WD Discovery is a remote connection management tool for Western Digital personal storage devices. A security vulnerability exists in Western Digital WD Discovery version 4.4.396 that stems from the use ...

5.3 CVSS · 5.9 AI score · 0.00077 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/08/21 12:0 a.m. · 1 view

PT-2022-19462 · Unknown · Notrinoserp

Name of the Vulnerable Software and Affected Versions: notrinoserp versions prior to v0.7 Description: The issue results in exposure of private personal information to an unauthorized actor, leading to privilege escalation to a system administrator account. This allows an attacker to gain access ...

8.8 CVSS · 8.9 AI score · 0.00461 EPSS
Exploits 1 · References 8

The Hacker News
added 2022/08/06 8:44 a.m. · 39 views

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to othe...

1 AI score
Exploits 0

Fedora
added 2022/07/30 1:55 a.m. · 9 views

[SECURITY] Fedora 36 Update: golang-github-cespare-xxhash-2.1.2-4.fc36

xxhash is a Go implementation of the 64-bit xxHash algorithm, XXH64. This is a high-quality hashing algorithm that is much faster than anything in the Go standard library...

7.2 AI score
Exploits 0

Cvelist
added 2022/07/28 3:50 p.m. · 15 views

CVE-2022-30320

Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...

6.2 AI score · 0.00029 EPSS
Exploits 0 · References 2

Cvelist
added 2022/05/05 11:35 p.m. · 21 views

CVE-2022-29161 Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collision...

5.4 CVSS · 9.5 AI score · 0.00218 EPSS
Exploits 0 · References 3

Prion
added 2021/11/08 3:15 p.m. · 8 views

Code injection

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

5 CVSS · 7.5 AI score · 0.00079 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/11/08 2:15 p.m. · 12 views

CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

7.5 CVSS · 7.7 AI score · 0.00079 EPSS
Exploits 1 · References 2

Prion
added 2021/10/04 6:15 p.m. · 8 views

Default credentials

The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...

5 CVSS · 7.6 AI score · 0.00151 EPSS
Exploits 0 · References 1