5 matches found
CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
Exploit for CVE-2026-46395
CVE-2026-46395 - HAXcms Node.js Private Key Disclosure via Bro...
CVE-2020-11625
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate wheth...
CVE-2019-12813
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can...
U.S. Dept Of Defense: Admin Salt Leakage on DoD site.
Hi there, the login page located at https://█████████/████████/adminapi/administrator.cfc is leaking administrator salt which is required at authentication purpose. PoC: Navigate to https://████/████████/adminapi/administrator.cfc?method=getSalt which will show you the admin salt ████████ which i...