73 matches found
CVE-2024-10026
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances...
CVE-2024-10026 Improved Seeding and Hashing In gVisor
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances...
Festo CODESYS V3 Products Use of Password Hash With Insufficient Computational Effort (CVE-2020-12069)
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. This plugin...
CVE-2024-22892
OpenSlides 4.0.15 is affected by a vulnerability due to using a weak hashing algorithm for password storage. The CVE-2024-22892 entry, with a CVSS v3.1 base score of 7.5 (HIGH), indicates network attack potential with low complexity and no privileges required. The issue targets the password hashi...
PHP Censor uses a weak hashing algorithm for the remember me key
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...
CVE-2024-34914
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...
PT-2024-2192 · Unknown · Usb Pratirodh
Name of the Vulnerable Software and Affected Versions: USB Pratirodh affected versions not specified Description: This issue is related to the use of a weaker cryptographic algorithm, specifically SHA1, in the user login component. A local attacker with administrative privileges could exploit thi...
Default credentials
The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...
CVE-2024-1040
CVE-2024-1040 affects Gessler GmbH WEB-MASTER, specifically version 7.9, where user passwords are stored using a weak hashing algorithm. The weakness allows an attacker to restore passwords by breaking the stored hashes (confirmed by multiple sources in connected documents). This vulnerability ha...
CVE-2023-24047
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...
CVE-2023-24047
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...
Design/Logic Flaw
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...
CVE-2023-24047
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...
CVE-2023-24047
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...
CVE-2023-24047
Technical details for CVE-2023-24047 are not publicly available in the provided documents. Monitor for updates.
CVE-2020-12069 CODESYS V3 prone to Inadequate Password Hashing
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...
CVE-2020-12069
CVE-2020-12069 affects CODESYS V3 products containing CmpUserMgr prior to version 3.5.16.0. The CODESYS Control runtime stores online communication passwords using a weak hashing algorithm, enabling a local attacker with low privileges to gain full control of the device. Publicly documented produ...
CVE-2022-4036 Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie...
Appointment Hour Booking < 1.3.73 - CAPTCHA Bypass
The plugin does not have a strong hashing algorithm on the CAPTCHA secret, and displays it to the user via a cookie, which could allow them to bypass the protection in place...
Default credentials
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...