17 matches found
Tridium Niagara Use of Password Hash With Insufficient Computational Effort (CVE-2025-3937)
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niaga...
Use of Password Hash With Insufficient Computational Effort
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash function. An attacker can significantly reduce the time required to crack passwor...
Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series"
Overview Wi-Fi router "WSR-1800AX4 series" provided by BUFFALO INC. contains the following vulnerability. Use of password hash with insufficient computational effort CWE-916 - CVE-2025-46413 Kazuaki Chikamori and Takayuki Tatekawa of National Institute of Technology, Kochi College reported this...
CVE-2025-3937 Use of Password Hash with Insufficient Computational Effort
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niaga...
CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...
CVE-2024-7701
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...
CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
Siemens Desigo PXC and DXR Devices Use of Password Hash with Insufficient Computational Effort (CVE-2022-24041)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...
Siemens SICAM MMU, SICAM T, and SICAM SGU Use of Password Hash with Insufficient Computational Effort (CVE-2020-10040)
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with local access to the device might be able to retrieve some passwords in clear text. This plugin only works with Tenable.ot. Please visit...
CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
Baker Hughes Bently Nevada 3500
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada, a Baker Hughes subsidiary Equipment: 3500 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This advisory was originally posted to the...
Rockwellautomation Factorytalk Use of Password Hash With Insufficient Computational Effort
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. File data ot500427.nasl...
CVE-2021-22741
CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...
Default credentials
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by...
Davolink DVW-3200N
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Davolink Equipment: DVW-3200N Vulnerability: Use of Password Hash With Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability may result in a remote...