9 matches found
MaxKB 安全漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained a security vulnerability. This vulnerability stemmed from the use of unaltered MD5 hash storage for user passwords, which could make the...
Use of Password Hash With Insufficient Computational Effort
Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...
CVE-2025-48931
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...
CVE-2025-48931
The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...
CVE-2024-47182
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
CVE-2024-47182 Dozzle uses unsafe hash for passwords
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
Horizon Business Services Caterease 安全漏洞
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from the use of unsalted unidirection...
CVE-2019-6972
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...
Insecure Cipher
github.com/go-macaron/macaron uses an insecure cipher for AES keys. The library uses MD5 to create AES keys which is considered insecure since MD5 is vulnerable to rainbow table attacks...