340 matches found
CVE-2025-26410
Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...
CVE-2025-26410 Weak Hard-coded Credentials
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
Wattsense Bridge 安全漏洞
Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. Wattsense Bridge has a security vulnerability that stems from the fact that user passwords can be easily recovered through password cracking attempts...
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...
CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...
A Hacker's Guide to Password Cracking
Defending your organization's security is like fortifying a castle—you need to understand where attackers will strike and how they'll try to breach your walls. And hackers are always searching for weaknesses, whether it's a lax password policy or a forgotten backdoor. To build a stronger defense,...
Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent OPA that, if successfully exploited, could have led to leakage of New Technology LAN Manager NTLM hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local us...
Rocket.Chat 安全漏洞
Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat versions prior to 4.5.1 that stems from insufficient entropy in generated E2EE passwords. An attacker can exploit the vulnerability to crack passwords...
CVE-2024-8453
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords...
CVE-2024-8455
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-38881
CVE-2024-38881 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. The root cause is the storage of user passwords using one-way hashes without salts, enabling rainbow-table password cracking by a remote attacker. Reported across multiple ...
PT-2024-28252 · Horizon Business Services Inc. · Caterease
Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing...
CVE-2024-38881
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords...
Splunk Cloud Platform和Splunk Enterprise 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. Splunk...
CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
Lamassu Bitcoin ATM Douro Security Breach
Lamassu Bitcoin ATM Douro is a Bitcoin ATM from Lamassu. A security vulnerability exists in the Lamassu Bitcoin ATM Douro version 7.1 that stems from allowing the use of weak passwords. An attacker could exploit the vulnerability to retrieve stored hashes from the machine and crack passwords up t...
Airgorah - A WiFi Auditing Software That Can Perform Deauth Attacks And Passwords Cracking
Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture WPA handshakes, and crack the password of the access point. It is written in Rust and uses GTK4 fo...
PassBreaker - Command-line Password Cracking Tool Developed In Python
PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...
Announcing the $12k NIST Elliptic Curves Seeds Bounty
The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in ear...