189 matches found
CVE-2021-27451
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device...
Design/Logic Flaw
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.302.6.1 - rds/ib: Use both iova and key in freemr socket call aru kolappan Orabug: 33667276 5.4.17-2136.302.6 - Revert fs: align IOCB flags with RWF flags Prasad Singamsetty Orabug: 33627551 5.4.17-2136.302.5 - Revert drm: Initialize struct drmcrtcstate.novblank from device settings...
CVE-2021-37187
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file with reversible passwords from the device, which allows decoding of other users' passwords...
Default credentials
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file with reversible passwords from the device, which allows decoding of other users' passwords...
CVE-2021-37187
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file with reversible passwords from the device, which allows decoding of other users' passwords...
Digi International Digi TransPort 安全漏洞
The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi International Digi TransPort, which can be exploited by an authenticated attacker to read a password file passwords are reversible from the device, whi...
CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...
Design/Logic Flaw
Certain NetModule devices have Insecure Password Handling cleartext or reversible encryption, These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB38...
CVE-2021-39289
CVE-2021-39289 affects NetModule Router Software (NRSW) and various NetModule NB devices where passwords are stored in cleartext or with reversible encryption. Affected devices include NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, a...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
MesaLabs AmegaView 命令注入漏洞
MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A command injection vulnerability exists in MesaLabs AmegaView version 3.0 and prior versions, which stems from passwords in the system that are generated by an easily reversible algorithm, and the use of default cookies...
CVE-2020-10554
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM...
CVE-2020-10375
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product...
Fedora 32 : glibc (2021-6e581c051a)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e581c051a advisory. - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...
CVE-2020-0533
Reversible one-way hash in IntelR CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access...
Information disclosure
Reversible one-way hash in IntelR CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access...
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
Hacking Hardware Password Managers: The RecZone
TL:DR Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...
Medtronic Valleylab FT10 and FX8
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Medtronic Equipment: Valleylab FT10, Valleylab FX8 Vulnerabilities: Use of Hard-coded Credentials, Reversible One-way Hash, Improper Input Validation 2. RISK EVALUATION Successful exploitation of...