2 matches found
CVE-2019-25030
CVE-2019-25030 affects Versa Director, Versa Analytics and VOS. Passwords were stored without an adaptive hash or KDF, using Merkle-Damgard-based algorithms (e.g., MD5/SHA-1), enabling rainbow-table based cracking. The connected documents indicate the mitigation is to hash with adaptive algorithm...
CVE-2018-16497
CVE-2018-16497 describes a privilege escalation in Versa Analytics where cron jobs execute commands at set times. If a cron job runs as root and the script it executes is writable by members of the versa group, a non-root user could modify the script to execute with root privileges. The vulnerabi...