63 matches found

CNNVD
added 2021/08/26 12:0 a.m., 3 views

Delta Electronics DIAEnergie Cryptographic Issue Vulnerability

DIAEnergie is an industrial energy management system from Delta Electronics. A weak hash algorithm vulnerability exists in DIAEnergie 1.7.5 and earlier versions. An attacker can exploit this vulnerability to retrieve plaintext passwords...

CVSS 5.5, AI score 5.6, EPSS 0.00162
Exploits 0, References 4

CNVD
added 2021/01/25 12:0 a.m., 8 views

Dnsmasq Security Feature Issue Vulnerability (CNVD-2021-16430)

Dnsmasq is a lightweight DNS forwarding, DHCP, and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a security vulnerability that stems from the use of a weak hash algorithm (CRC32) to validate DNS responses when compiled without DNSSEC. No...

CVSS 4.3, AI score 4.5, EPSS 0.02199
Exploits 2, References 1

CNNVD
added 2021/01/20 12:0 a.m., 2 views

dnsmasq Cryptographic Issue Vulnerability

Dnsmasq is a lightweight DNS forwarding, DHCP, and TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a security vulnerability that stems from the use of a weak hash algorithm (CRC32) to validate DNS responses when compiled without DNSSEC. No...

CVSS 4.3, AI score 6.9, EPSS 0.04913
Exploits 2, References 24

RedHat Linux
added 2021/01/19 6:2 p.m., 2 views

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

CVSS 4.3, AI score 7.2, EPSS 0.04075
Exploits 2, References 6

Prion
added 2021/01/05 10:15 p.m., 14 views

Code injection

GigaVUE-OS GVOS 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database...

CVSS 2.1, AI score 4.1, EPSS 0.00196
Exploits 0, References 1, Affected Software 1

CNVD
added 2020/09/10 12:0 a.m., 27 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63323)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that stems from the use of a...

CVSS 5.4, AI score 0.3, EPSS 0.00896
Exploits 0, References 1

IBM Security Bulletins
added 2018/09/29 8:6 p.m., 33 views

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2016-5542)

Summary: If a JAR file is signed with old, weak hash algorithms, the class files within it can be modified without the change being caught. This potentially enables attackers to inject malicious code into signed code from a trusted third party. Vulnerability Details: CVEID: CVE-2016-5542 DESCRIPTIO...

CVSS 4.3, AI score 1, EPSS 0.02816
Exploits 0, Affected Software 1

Veracode
added 2017/05/26 7:6 a.m., 13 views

Weak Hash Algorithm Without Salt

dolibarr/dolibarr is vulnerable to using a weak hash algorithm without salt. The library does not encrypt its passwords with a salt, meaning that the password hash stored on the system can be easily brute forced...

CVSS 9.8, AI score 6.6, EPSS 0.01066
Exploits 3, References 2, Affected Software 1

RedHat Linux
added 2017/05/10 12:43 p.m., 0 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used a weak signing key or hash algorithm...

CVSS 3.1, AI score 7.3, EPSS 0.01993
Exploits 0, References 5

RedHat Linux
added 2016/10/20 12:37 p.m., 2 views

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used a weak signing key or hash algorithm...

CVSS 4.3, AI score 7.3, EPSS 0.02816
Exploits 0, References 5

Prion
added 2014/02/07 4:52 a.m., 12 views

Design/Logic Flaw

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 5, AI score 7, EPSS 0.01691
Exploits 1, References 4, Affected Software 1

Cvelist
added 2014/02/07 2:0 a.m., 18 views

CVE-2014-1696

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack...

AI score 6.4, EPSS 0.01691
Exploits 1, References 4

Tenable Nessus
added 2012/01/18 12:0 a.m., 25 views

MySQL Weak Hash Algorithm

The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. An attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack...

CVSS 4.3, AI score 5.5, EPSS 0.02666
Exploits 1, References 2

NVD
added 2010/06/25 9:30 p.m., 24 views

CVE-2010-2468

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...

CVSS 10, AI score 6.3, EPSS 0.01691
Exploits 1, References 5

Prion
added 2010/06/25 9:30 p.m., 18 views

Default credentials

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...

CVSS 10, AI score 6.8, EPSS 0.01691
Exploits 1, References 5, Affected Software 1

CVE
added 2010/06/25 9:0 p.m., 58 views

CVE-2010-2468

CVE-2010-2468 affects S2 Security NetBox 2.x and 3.x as used in Linear eMerge 50/5000 and Sonitrol eAccess. The root cause is the use of a weak hash algorithm for storing the Administrator password, which can allow context-dependent attackers to recover the password and gain privileged access. Th...

CVSS 10, AI score 6.5, EPSS 0.01691
Exploits 1, References 5, Affected Software 1

Cvelist
added 2010/06/25 9:0 p.m., 24 views

CVE-2010-2468

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...

AI score 6.3, EPSS 0.01691
Exploits 1, References 5

RedHat Linux
added 2009/07/30 10:9 p.m., 1 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

CVSS 5.1, AI score 6.6, EPSS 0.04506
Exploits 0, References 4

Prion
added 2008/07/24 5:41 p.m., 14 views

Authentication flaw

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...

CVSS 5, AI score 6.8, EPSS 0.02189
Exploits 0, References 9, Affected Software 1

NVD
added 2008/07/24 5:41 p.m., 19 views

CVE-2008-3288

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords...

CVSS 5, AI score 6.5, EPSS 0.02189
Exploits 0, References 9