Lucene search
+L

340 matches found

CVE
CVE
added 2025/02/11 9:20 a.m.698 views

CVE-2025-26410

Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...

9.8CVSS9.6AI score0.00692EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/11 9:20 a.m.23 views

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

0.00692EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.4 views

Wattsense Bridge 安全漏洞

Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. Wattsense Bridge has a security vulnerability that stems from the fact that user passwords can be easily recovered through password cracking attempts...

9.8CVSS9.2AI score0.00692EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/01/28 10:30 a.m.19 views

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...

7.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.9 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5AI score0.00347EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/11/07 12:0 p.m.61 views

A Hacker's Guide to Password Cracking

Defending your organization's security is like fortifying a castle—you need to understand where attackers will strike and how they'll try to breach your walls. And hackers are always searching for weaknesses, whether it's a lax password policy or a forgotten backdoor. To build a stronger defense,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/22 2:12 p.m.24 views

Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers

Details have emerged about a now-patched security flaw in Styra's Open Policy Agent OPA that, if successfully exploited, could have led to leakage of New Technology LAN Manager NTLM hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local us...

8.8CVSS7.4AI score0.11871EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/07 12:0 a.m.7 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat versions prior to 4.5.1 that stems from insufficient entropy in generated E2EE passwords. An attacker can exploit the vulnerability to crack passwords...

6.7CVSS6.7AI score0.00549EPSS
Exploits0References2
OSV
OSV
added 2024/09/30 8:15 a.m.7 views

CVE-2024-8453

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords...

4.9CVSS5.8AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2024/09/30 8:15 a.m.22 views

CVE-2024-8455

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...

8.1CVSS0.00338EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.9 views

CVE-2024-36440

An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...

7AI score0.00292EPSS
Exploits1References2
CVE
CVE
added 2024/08/02 12:0 a.m.39 views

CVE-2024-38881

CVE-2024-38881 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. The root cause is the storage of user passwords using one-way hashes without salts, enabling rainbow-table password cracking by a remote attacker. Reported across multiple ...

7.5CVSS7.3AI score0.00436EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/02 12:0 a.m.5 views

PT-2024-28252 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing...

7.5CVSS6.7AI score0.00436EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/08/02 12:0 a.m.22 views

CVE-2024-38881

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords...

0.00436EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.5 views

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. Splunk...

5.3CVSS6.2AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2024/02/13 10:19 p.m.7 views

CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...

4.3CVSS5.3AI score0.0056EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.5 views

Lamassu Bitcoin ATM Douro Security Breach

Lamassu Bitcoin ATM Douro is a Bitcoin ATM from Lamassu. A security vulnerability exists in the Lamassu Bitcoin ATM Douro version 7.1 that stems from allowing the use of weak passwords. An attacker could exploit the vulnerability to retrieve stored hashes from the machine and crack passwords up t...

7.1CVSS6.6AI score0.00125EPSS
Exploits0References2
Kitploit
Kitploit
added 2024/01/24 11:30 a.m.59 views

Airgorah - A WiFi Auditing Software That Can Perform Deauth Attacks And Passwords Cracking

Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack the password of the access point. It is written in Rust and uses GTK4 fo...

7.4AI score
Exploits0References9
Kitploit
Kitploit
added 2023/12/06 11:30 a.m.54 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

7.6AI score
Exploits0References2
Filippo.io
Filippo.io
added 2023/10/05 9:21 p.m.38 views

Announcing the $12k NIST Elliptic Curves Seeds Bounty

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in ear...

7.4AI score
Exploits0
Rows per page
Query Builder