Lucene search
K

52 matches found

OSV
OSV
added 2022/05/10 11:15 a.m.3 views

CVE-2022-24041

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...

6.5CVSS5.7AI score0.0045EPSS
Exploits0References1
Prion
Prion
added 2022/05/10 11:15 a.m.21 views

Default credentials

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...

4CVSS7AI score0.0045EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2022/05/10 9:46 a.m.16 views

CVE-2022-24041

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...

6.6AI score0.0045EPSS
Exploits0References1
CVE
CVE
added 2022/05/10 9:46 a.m.115 views

CVE-2022-24041

CVE-2022-24041 affects Siemens Desigo DXR2, PXC3, PXC4 and PXC5 devices. The vulnerability stems from storing PBKDF2 password hashes with a low iteration count, enabling an attacker with user-profile access to retrieve other accounts’ password hashes and perform offline cracking to recover plaint...

6.5CVSS6.4AI score0.0045EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.5 views

多款Siemens产品安全漏洞

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References5
NVD
NVD
added 2021/10/26 2:15 p.m.18 views

CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...

7.5CVSS0.00799EPSS
Exploits3References3
OSV
OSV
added 2021/10/26 2:15 p.m.21 views

ALPINE-CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...

7.5CVSS7.1AI score0.00799EPSS
Exploits3References1
CVE
CVE
added 2021/10/26 1:55 p.m.158 views

CVE-2021-41158

CVE-2021-41158 affects FreeSWITCH prior to 1.10.7. An attacker can trigger a SIP digest leak by provoking challenges with the realm of a configured gateway, causing FreeSWITCH to reveal the gateway’s challenge response (password-derived) without special network privileges. Root cause: flawed chal...

7.5CVSS6.5AI score0.00799EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2020/06/22 5:27 p.m.19 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.9AI score0.02161EPSS
Exploits1References2
Penetration Testing Lab
Penetration Testing Lab
added 2018/07/04 5:56 a.m.68 views

Dumping Domain Password Hashes

It is very common during penetration tests where domain administrator access has been achieved to extract the password hashes of all the domain users for offline cracking and analysis. These hashes are stored in a database file in the domain controller NTDS.DIT with some additional information li...

2.5AI score
Exploits0
Hacker One
Hacker One
added 2017/06/23 8:0 p.m.19 views

Nextcloud: Android content provider exposes password-protected share password hashes

Summary Nextcloud Android client v1.4.3 has a globally available content provider which exposes the bcrypt password hashes for password protected shared files and folders. Description Android apps can use a content provider to handle storage and retrieval of data. Content providers that are...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/05/21 2:35 p.m.9 views

Ersatz Scheme Deceives Hackers, Protects Stored Passwords

Researchers at Purdue University have developed a scheme that protects stolen passwords from offline cracking. The project is explained in a paper called “ErsatzPasswords – Ending Password Cracking” pdf written by Purdue University researchers Mohammed H. Almeshekah, Christopher N. Gutierrez,...

0.8AI score
Exploits0References4
Rows per page
Query Builder