19 matches found
Jervis's Salt for PBKDF2 derived from password
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL869-L870...
GHSA-36H5-VRQ6-PP34 Jervis's Salt for PBKDF2 derived from password
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL869-L870...
EUVD-2009-2938
Malware in sbrugna...
EUVD-2023-30647
Malicious code in bioql PyPI...
PT-2025-35169
Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4 Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...
CVE-2021-21253
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm through the generateUserLink function. This could lead to account takeover, which can lead to theft of sensitive data, modification of website content, addition/deletion of administrator...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
Design/Logic Flaw
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
ChurchCRM security feature issue vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3 that stems from the program's hashing algorithm utilizing non-random salt values. An attacker exploiting this vulnerability could break a hashed password by using a pre-computed hash...
PT-2023-20825 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: The hashing algorithm utilizes a non-random salt value, allowing attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. Recommendations: For ChurchCRM version 4.5.3,...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
VSHG - Hardware resistance & enhanced security for GnuPG
VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG's standard s2k key-derivation-function + a simplified interface for symmetric encryption. About VSHG: VSHG (Very secure hash generator) is a standalone Addon for GnuPG (Gnu privacy guard). It is written as a shell script and ...
Hardware resistance & enhanced security for GnuPG
VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG’s standard s2k key-derivation-function + a simplified interface for symmetric encryption. VSHG (Very secure hash generator) is a standalone Addon for GnuPG (Gnu privacy guard). It is written as a shell script and is designed...
[USN-2524-1] eCryptfs vulnerability
Ubuntu Security Notice USN-2524-1, March 11, 2015: ecryptfs-utils vulnerability. A security issue affects these releases of Ubuntu and its derivatives...
USN-2524-1 ecryptfs-utils vulnerability
Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files...
Ubuntu 14.04 LTS : eCryptfs vulnerability (USN-2524-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2524-1 advisory. Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this...
Design/Logic Flaw
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number o...