77 matches found
CVE-2024-38881
CVE-2024-38881 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. The root cause is the storage of user passwords using one-way hashes without salts, enabling rainbow-table password cracking by a remote attacker. Reported across multiple ...
CVE-2024-38881
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords...
Schneider Electric Modicon M221 Permissions, Privileges, and Access Controls (CVE-2018-7792)
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table. This plugin only works with Tenable.ot...
Insecure Cryptographic Functions
github.com/moov-io/customers uses insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. Th vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...
GHSA-G636-Q5FC-4PR7 accounts: Hash account number using Salt
@alovak found that currently when we build hash of account number we do not "salt" it. Which makes it vulnerable to rainbow table attack. What did you expect to see? I expected salt some random number from configuration to be used in hash.AccountNumber I would generate salt per tenant at least...
HashCobra - Hash Cracking Tool
hashcobra Hash Cracking tool. Usage $ ./hashcobra -H --== hashcobra by sepehrdad ==-- usage: hashcobra -o options | misc options: -a - hashing algorithm default: md5 - ? to list available algorithms -c - compression algorithm default: zstd - ? to list available algorithms -h - hash to crack -r -...
Rainbow Crackalack - Rainbow Table Generation And Lookup Tools
This project produces open-source code to generate rainbow tables as well as use them to look up password hashes. While the current release only supports NTLM, future releases aim to support MD5, SHA-1, SHA-256, and possibly more. Both Linux and Windows are supported! For more information, see th...
Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog Written by @SivaneshAshok PoC of hashcatch running...
CVE-2019-6972
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...
Seven Must-Dos to Secure MySQL 8.0
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...
CVE-2018-7792
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
CVE-2018-7792
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
Design/Logic Flaw
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
CVE-2018-7792
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
CVE-2018-7792
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
CVE-2018-7792
CVE-2018-7792 affects Schneider Electric Modicon M221 PLCs (all versions prior to firmware v1.6.2.0). The vulnerability allows unauthorized users to decode passwords via rainbow table attacks on the stored credentials. Connected sources confirm the broader M221 family is impacted and identify the...
High-Severity Flaws Patched in Schneider Electric Products
Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...
PT-2018-1525
Name of the Vulnerable Software and Affected Versions Modicon M221 versions prior to V1.6.2.0 Description A Permissions, Privileges, and Access Control issue exists, allowing unauthorized users to decode passwords using a rainbow table. This could enable a remote attacker to exploit the...
CVE-2018-11209
An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...
Design/Logic Flaw
DISPUTED An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid...