9 matches found
CVE-2022-43958
A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...
Design/Logic Flaw
A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...
CVE-2022-43958
A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...
CVE-2022-43958
CVE-2022-43958 | Siemens QMS Automotive : All versions prior to v12.39 store user credentials in plaintext in the database (no hashing). This enables credential exposure and potential user impersonation. Evidence sources describe plaintext password storage as the root cause and assign CVSS scores...
Design/Logic Flaw
Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...
CVE-2022-40621
The CVE-2022-40621 entry concerns WAVLINK Quantum D4G (WN531G3). Affected firmware versions M31G3.V5030.200325 and earlier communicate over HTTP (not HTTPS), and the device’s authentication hashing does not rely on a server-supplied key. This enables an attacker with sufficient network access to ...
Mandriva Linux Security Advisory : perl (MDVSA-2013:113)
Updated perl packages fix security vulnerability : It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code CVE-2012-5195. The compile function in Maketext.pm in the Locale::Maketext implementation...
MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
The implementation of Kerberos on the remote Windows host is affected by one or more vulnerabilities : - Microsoft's Kerberos implementation uses a weak hashing mechanism, which can allow for certain aspects of a Kerberos service ticket to be forged. Note that this is not exploitable on domains...
Проблемы в авторизации MySQL
ИСпользуется слабый механизм хэширования при авторизации позволяющий восстановить пароль...