52 matches found
CVE-2026-41879
R-SOFT DMS is affected. The vulnerability arises from storing superadmin credentials with a non-salted nested MD5 hash, enabling an attacker who obtains the password hash to decode the credentials. The password cannot be changed except by modifying the configuration file, indicating a configurati...
CVE-2026-53692
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45413
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-45413
MaxKB (open‑source enterprise AI assistant) prior to version 2.9.1 stores user passwords with unsalted MD5 hashes, enabling trivial cracking via rainbow tables or GPU-based brute force. The issue is fixed in 2.9.1. Rate of exploitation and in‑the‑wild impact are not detailed in the provided docum...
CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
EUVD-2026-31984
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...
CVE-2026-26219
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...
CVE-2026-26219
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...
CVE-2026-26219
CVE-2026-26219 affects newbee-mall stores that hash passwords using unsalted MD5 without per-user salts or computational cost controls. Root cause: MD5 hashing without salt enables offline credential cracking if password hashes are exposed. Impact: high confidentiality and integrity risk; plainte...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34519
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden store user passwords with MD5 without per-password salt, enabling offline dictionary/rainbow-table/brute-force attacks on a breached database. Connected sources confirm this insecure hashing practice and indicate the vendor has declined to se...
EUVD-2025-34806
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34208 Vasion Print (formerly PrinterLogic) Insecure Password Hashing
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...
Weak Password Storage
github.com/neuvector/neuvector is vulnerable to Weak Password Storage. The vulnerability is due to storing user passwords and API keys with a simple, unsalted hash, making them susceptible to offline rainbow-table attacks...
CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...
CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...