1275 matches found
CVE-2026-14867
PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...
CVE-2026-14867 Insecure password storage in User directory
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...
EUVD-2026-40294
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
CVE-2026-53692
CVE-2026-53692 affects Redeight CMS v1.0. The root cause is storing passwords with MD5 without a salt, a cryptographically broken hash, allowing attackers who obtain password hashes to reverse them via rainbow tables and expose plaintext credentials. The Connected CVE records confirm this in Rede...
CVE-2026-53692 Weak hashing algorithm in Redeight CMS
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
A tale of two eras
Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...
CVE-2026-11789
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
DEBIAN-CVE-2026-11789
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
UBUNTU-CVE-2026-11789
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...
CVE-2026-11789 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
PT-2026-47779
Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the SMD5 password storage plugin allows an unsigned integer underflow when calculating the salt length from a crafted password hash shorter than 16 bytes. This leads to...
[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44
This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...
[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43
This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...
CVE-2026-45413
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-45413
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
PT-2026-43406
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
Astra Linux – Vulnerability in LibreOffice
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...
SOGo SQL注入漏洞
SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...