76 matches found
heinekingmedia StashCat Password Attack Vulnerability
heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. heinekingmedia StashCat suffers from a password attack vulnerability that stems from user passwords being hashed directly with SHA-512. By exploiting this vulnerabilit...
Authentication flaw
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for...
CVE-2017-11131
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for...
Dagon - Advanced Hash Manipulation
Named after the prince of Hell, Dagon day-gone is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more. Screenshots...
Insecure Cipher
github.com/go-macaron/macaron uses an insecure cipher for AES keys. The library uses MD5 to create AES keys which is considered insecure since MD5 is vulnerable to rainbow table attacks...
Dahua DHI-HCVR7216A-S3 Information Disclosure Vulnerability (CNVD-2017-02590)
Dahua DHI-HCVR7216A-S3 is a network DVR product from China Dahua Dahua. A security vulnerability exists in the web interface of NVR firmware version 3.210.0001.10, Camera firmware version 2.400.0000.28.R and SmartPSS software version 1.16.1 in Dahua DHI-HCVR7216A-S3 devices. A remote attacker can...
Code injection
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a 1 brute-force attack or 2 rainbow-table attack...
CVE-2012-3886
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a 1 brute-force attack or 2 rainbow-table attack...
CVE-2012-3886
AirDroid 1.0.4 beta is affected by a cryptography weakness where MD5 is used for data in the checklogin parameter and the 7bb cookie. This allows an attacker on the same LAN to potentially recover sensitive data (cleartext) via sniffing the local wireless network and performing brute-force or rai...
CVE-2012-2565
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
Default credentials
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
CVE-2012-2565
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
Default credentials
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach...
Lessons to learn from the HBGary Federal hack !
The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company. Because can you honestly put your hand on your heart and say a...
How to generate Rainbow table-vulnerability warning-the black bar safety net
In a technical Forum accidentally saw a rainbow table download, under a few days of md5 Rainbow tables discover the number of seeds is too little, and the mainstream of the rainbow table is 100G or more online search all over again after the only think you can generate your own. Why bother to...
Security Master weapon awareness of Rainbow hash table crack tool-vulnerability warning-the black bar safety net
Cross-platform password Cracker Ophcrack the crack speed is simply incredible. In the end how fast? It can be in 1 6 0 seconds to crack“Fgpyyih804423”this password. Many people think that this password is already quite safe. Microsoft's password strength determination tool that the password of th...