CVE-2025-34208 Vasion Print (formerly PrinterLogic) Insecure Password Hashing

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

CVE-2025-34208 Vasion Print (formerly PrinterLogic) Insecure Password Hashing

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

PT-2025-40401

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments affected versions not specified Description The software stores user passwords using unsalted SHA-512 hashes, with a fallback to unsalted SHA-1. The...

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...

SUSE CVE-2025-53884

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

PT-2025-33748 · Ezged3 · Ezged3

Name of the Vulnerable Software and Affected Versions: EzGED3 versions 3.5.0 through 3.5.72.27183 Description: EzGED3 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak, allowing attackers to perform efficient offline brute-force...

CVE-2025-44647

In TRENDnet TEW-WLC100P 2.03b03, the idontcareaboutsecurityanduseaggressivemodepsk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK...

CVE-2025-44647

In TRENDnet TEW-WLC100P 2.03b03, the idontcareaboutsecurityanduseaggressivemodepsk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK...

PT-2025-30291 · Unknown +1 · Strongswan +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-WLC100P version 2.03b03 Description: The i dont care about security and use aggressive mode psk option is enabled in the strongSwan configuration file, allowing IKE Responders to use IKEv1 Aggressive Mode with Pre-Shared Keys. Th...

CVE-2025-44647

In TRENDnet TEW-WLC100P 2.03b03, the idontcareaboutsecurityanduseaggressivemodepsk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK...

CVE-2025-34084

...

F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. - The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair...

Hacks Against Ukraine's Emergency Response Services Rise During Bombings

Data from Cloudflare's free digital defense service, Project Galileo, illuminates new links between online and offline attacks...

K42378447: IPsec IKEv1 vulnerability CVE-2018-5389

Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...

K16846: IPMI vulnerability CVE-2013-4786

Security Advisory Description The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...

SUSE CVE-2017-3736

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

CVE-2022-40295

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks...

CVE-2022-40295

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks...

Information disclosure

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks...