17 matches found
newbee-mall Encryption Problem Vulnerability
newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has encryption-related vulnerabilities that stem from the use of the unsalted MD5 hash algorithm for storing and verifying user passwords. This allows attackers to quickly recover plaintext...
Ilevia EVE X1 Server Security Vulnerability
Ilevia EVE X1 Server is a smart home and building automation server from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions; it stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...
Use of Password Hash With Insufficient Computational Effort
Overview: Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...
Linux Distros Unpatched Vulnerability : CVE-2013-7484
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix before 5.0 represents passwords in the users table with unsalted MD5. CVE-2013-7484 Note that Nessus relies on the presence of the package as reported by...
IBM Security Verify Governance Security Vulnerability
IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM) that provides organizations with a platform to analyze, define and control user access and access risk. IBM Security Verify Governance suffers from a security vulnerability that ste...
PLANET switch devices Security Vulnerability
PLANET switch devices are a series of switch devices from PLANET Corporation in China. A security vulnerability exists in PLANET switch devices that stems from the use of an insecure hash function that is not salted to hash user passwords. A remote attacker with administrator privileges could rea...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from the use of unsalted unidirection...
OnlineVotingSystem Encryption Problem Vulnerability
Dbijaya OnlineVotingSystem is a Java-based online voting system from the individual developers of Dbijaya. OnlineVotingSystem before version 1.1.2 suffers from a cryptographic vulnerability that stems from not using a salt to hash a user's password, which can be exploited by an attacker to make i...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2013-7484
Zabbix before 5.0 represents passwords in the users table with unsalted MD5...
CVE-2013-7484
Zabbix before 5.0 represents passwords in the users table with unsalted MD5...
McAfee Vulnerability Manager Unsalted Password Vulnerability
McAfee Vulnerability Manager is prone to an unsalted password vulnerability.
CVE-2015-8989
McAfee Vulnerability Manager (MVM) – Enterprise Manager web portal is affected by CVE-2015-8989. The vulnerability stems from unsalted passwords stored for user accounts, enabling attackers to brute-force passwords against the MVM database. Affected: McAfee Vulnerability Manager prior to version ...
CVE-2015-8989
Unsalted password vulnerability in the Enterprise Manager web portal component in Intel Security McAfee Vulnerability Manager MVM 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database...
RedTeam Pentesting GmbH
Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the "Administrators" group are able to see the MD5 password hashes of every user using the web interface. Details...
Debian DSA-2150-1 : request-tracker3.6 - unsalted password hashing
It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker would have access to the password database, he could decode the passwords stored in it.
PT-2008-3085 · Zyxel · Zyxel Prestige
Name of the Vulnerable Software and Affected Versions: ZyXEL Prestige routers versions 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3 Description: The issue is related to the calculation of an MD5 password hash without using a salt, making it easier for attackers to crack passwords. Recommendations: For...