Lucene search
+L

77 matches found

CVE
CVE
added 2024/08/02 12:0 a.m.40 views

CVE-2024-38881

CVE-2024-38881 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. The root cause is the storage of user passwords using one-way hashes without salts, enabling rainbow-table password cracking by a remote attacker. Reported across multiple ...

7.5CVSS7.3AI score0.00436EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/02 12:0 a.m.22 views

CVE-2024-38881

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords...

0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/01 12:0 a.m.35 views

Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7792)

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table. This plugin only works with Tenable.ot...

7.5CVSS7.1AI score0.01053EPSS
Exploits0References4
Veracode
Veracode
added 2021/05/25 9:31 a.m.12 views

Insecure Cryptographic Functions

github.com/moov-io/customers uses insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. Th vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...

2.6AI score
Exploits0
OSV
OSV
added 2021/05/24 5:0 p.m.16 views

GHSA-G636-Q5FC-4PR7 accounts: Hash account number using Salt

@alovak found that currently when we build hash of account number we do not "salt" it. Which makes it vulnerable to rainbow table attack. What did you expect to see? I expected salt some random number from configuration to be used in hash.AccountNumber I would generate salt per tenant at least...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/12/12 11:27 a.m.182 views

HashCobra - Hash Cracking Tool

hashcobra Hash Cracking tool. Usage $ ./hashcobra -H --== hashcobra by sepehrdad ==-- usage: hashcobra -o options | misc options: -a - hashing algorithm default: md5 - ? to list available algorithms -c - compression algorithm default: zstd - ? to list available algorithms -h - hash to crack -r -...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2019/11/14 9:0 p.m.96 views

Rainbow Crackalack - Rainbow Table Generation And Lookup Tools

This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only supports NTLM, future releases aim to support MD5, SHA-1, SHA-256, and possibly more. Both Linux and Windows are supported! For more information, see th...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/30 1:0 p.m.101 views

Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically

Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog Written by @SivaneshAshok PoC of hashcatch running...

6.8AI score
Exploits0References1
NVD
NVD
added 2019/06/19 3:15 p.m.18 views

CVE-2019-6972

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...

7.5CVSS7.6AI score0.01114EPSS
Exploits1References2
Imperva Blog
Imperva Blog
added 2019/01/24 8:21 p.m.27 views

Seven Must-Dos to Secure MySQL 8.0

Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...

0.1AI score
Exploits0
OSV
OSV
added 2018/08/29 9:29 p.m.6 views

CVE-2018-7792

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...

7.5CVSS5.8AI score0.01053EPSS
Exploits0References2
NVD
NVD
added 2018/08/29 9:29 p.m.24 views

CVE-2018-7792

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...

7.5CVSS7.9AI score0.01053EPSS
Exploits0References2
Prion
Prion
added 2018/08/29 9:29 p.m.17 views

Design/Logic Flaw

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...

5CVSS7.9AI score0.01053EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/08/29 9:0 p.m.32 views

CVE-2018-7792

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...

7.4AI score0.01053EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/08/29 9:0 p.m.7 views

CVE-2018-7792

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...

7.1AI score0.01053EPSS
Exploits0References2
CVE
CVE
added 2018/08/29 9:0 p.m.85 views

CVE-2018-7792

CVE-2018-7792 affects Schneider Electric Modicon M221 PLCs (all versions prior to firmware v1.6.2.0). The vulnerability allows unauthorized users to decode passwords via rainbow table attacks on the stored credentials. Connected sources confirm the broader M221 family is impacted and identify the...

7.5CVSS7.4AI score0.01053EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2018/08/29 5:55 p.m.27 views

High-Severity Flaws Patched in Schneider Electric Products

Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...

7.5CVSS2.2AI score0.02478EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/07/30 12:0 a.m.15 views

PT-2018-1525

Name of the Vulnerable Software and Affected Versions Modicon M221 versions prior to V1.6.2.0 Description A Permissions, Privileges, and Access Control issue exists, allowing unauthorized users to decode passwords using a rainbow table. This could enable a remote attacker to exploit the...

7.5CVSS7.2AI score0.01053EPSS
Exploits0References7
OSV
OSV
added 2018/05/16 3:29 p.m.4 views

CVE-2018-11209

An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...

7.2CVSS5.8AI score0.0102EPSS
Exploits1References2
Prion
Prion
added 2018/05/16 3:29 p.m.18 views

Design/Logic Flaw

DISPUTED An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid...

4CVSS7AI score0.0102EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder