189 matches found
CVE-2024-3543
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...
CVE-2024-3543 LoadMaster Reversible Password Encryption Algorithm
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...
CVE-2024-3543 LoadMaster Reversible Password Encryption Algorithm
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...
DELL ECS Connection Manager 安全漏洞
DELL ECS Connection Manager is a software for managing enterprise cloud storage from Dell DELL USA. A security vulnerability exists in DELL ECS Connection Manager that stems from the use of a reversible password encryption algorithm that allows an attacker to decrypt passwords...
The vulnerability of the software protection tool for accessing applications in Docker environments. IBM Security Verify Access Docker, a access management system from IBM Security Verify Access, which involves storing passwords in a reversible format. This allows attackers to exploit the protected information.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in its password storage mechanism. Exploiting this vulnerability could allow attackers to disclose the protected information...
Design/Logic Flaw
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...
The Insecurity of Photo Cropping
The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the files creators or editors. Official instruction manuals, help pages...
After a swap, user can lose input token amount while receiving no output token amount when output token becomes non-existent
Lines of code Vulnerability details Impact When calling the swap function below, the following safeTransfer function is further called for transferring the corresponding value of token from the pool to the recipient. Note that safeTransfer does not check for the existence of the token contract...
CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
Design/Logic Flaw
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
CVE-2022-36617
CVE-2022-36617 affects Arq Backup 7.19.5.0 and earlier, where backup encryption passwords are stored using reversible encryption. The vulnerability allows attackers with administrative privileges to recover cleartext passwords. Documents do not provide any mitigation or a confirmed fix version. N...
CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
PT-2022-23510 · Unknown · Arq Backup
Name of the Vulnerable Software and Affected Versions: Arq Backup versions 7.19.5.0 and below Description: The issue allows attackers with administrative privileges to recover cleartext passwords because Arq Backup stores backup encryption passwords using reversible encryption. Recommendations: F...
Decrypt Citrix NetScaler Config Secrets
This module takes a Citrix NetScaler ns.conf configuration file as input and extracts secrets that have been stored with reversible encryption. The module supports legacy NetScaler encryption RC4 as well as the newer AES-256-ECB and AES-256-CBC encryption types. It is also possible to decrypt...
GHSA-67FJ-6W6M-W5J8 Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading...
CVE-2022-29249 Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required...
Robotronic RunAsSpc 信任管理问题漏洞
Robotronic RunAsSpc is a software that supports running an application without a password in another system account. A security vulnerability exists in Robotronic RunAsSpc 4.0 that stems from the affected product's use of a common and reversible encryption key...