Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could allow leak sensitive data stored by the users. Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into thei...

Hardcoded credentials

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

CVE-2017-8174

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on th...

CVE-2017-8174

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on th...

Design/Logic Flaw

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on th...

CVE-2017-8174

CVE-2017-8174 affects Huawei USG6300/USG6600 firewall lines (firmware V100R001C30SPC300 and V100R001C30SPC500/600/700/800). The issue is a weak algorithm vulnerability that could allow an attacker to crack ciphertext and cause confidential information leaks on transmission links. Affected product...

CVE-2017-8174

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on th...

Huawei FusionSphere OpenStack Weak Algorithm Vulnerability

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A weak algorithm vulnerability exists in Huawei...

Weak Algorithm Vulnerability in Huawei USG Products

Huawei USG6300/USG6600 are firewall products from Huawei, China. A weak algorithmic vulnerability exists in several Huawei firewall USG6300/USG6600 products. By exploiting this weak algorithm vulnerability, an attacker can intercept information transmitted over the network and successfully decryp...

Security Advisory - Weak Algorithm Vulnerability in Huawei USG product

There is a weak algorithm vulnerability in Huawei USGUSG6300/USG6600 products. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Vulnerability ID: HWPSIRT-2017-02028 This vulnerability has been...

Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2017-1108)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Weak Hash Algorithm

contwidgetor is using SHA-1 which is a weak hash algorithm. The use of the weak algorithm in the authentication allows attackers to easily perform collsion attacks...

Cryptographic Hash Collision Attack

gateway is vulnerable to collision attack. The vulnerability is possible because it uses weak hashing algorithm, SHA-1, for HashedCredentialsMatcher, allowing the attackers to easily perform collsion attacks...

CVE-2017-5999

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPTRIJNDAEL256 function the 256-bit block version of Rijndael, not AES instead of MCRYPTRIJNDAEL128 real AES could help...

CVE-2016-5957

IBM Security Privileged Identity Manager ISPIM Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm...

CVE-2016-5957

CVE-2016-5957 affects the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance. The vulnerability arises from the use of weaker cryptographic algorithms, allowing an attacker to defeat cryptographic protections and obtain sensitive information. Affected: ISPIM Virtual Appliance 2.x ...

Multiple Vendors '/servlets/FetchFile' Multiple Vulnerabilities - Active Check

Multiple vulnerabilities affecting the remote device have been found, these vulnerabilities allows uploading of arbitrary files and their execution, arbitrary file download with directory traversal, use of a weak algorithm for storing passwords and session hijacking. SPDX-FileCopyrightText: 2016...

phpmyadmin -- Unsafe generation of XSRF/CSRF token

The phpMyAdmin development team reports: The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. We consider this vulnerability to be non-critical...

Cisco Ironport Appliances Privilege Escalation Vulnerability

Cisco Ironport Appliances Privilege Escalation Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.5.5-280 Cisco Ironport WSA - AsyncOS 8.0.5-075 Cisco Ironport SMA - AsyncOS 8.3.6-0 Date: 22/05/2014 Credits: Glafkos Charalambous CVE...