4 matches found
CVE-2019-25030
CVE-2019-25030 affects Versa Director, Versa Analytics and VOS. Passwords were stored without an adaptive hash or KDF, using Merkle-Damgard-based algorithms (e.g., MD5/SHA-1), enabling rainbow-table based cracking. The connected documents indicate the mitigation is to hash with adaptive algorithm...
CVE-2018-16494
CVE-2018-16494 affects Versa Networks Versa OS (VOS). The issue is an overly permissive default file-creation mask (umask) that allows authorized server users to obtain unauthorized access via insecure file permissions. This can lead to arbitrary read, write, or execution of newly created files a...
CVE-2018-16495
Versa Networks Versa Operating System (VOS) is affected by a session fixation issue: an authentication token is issued to the browser before authentication and is not changed after a successful login. The underlying problem: the same session ID persists across login, enabling an attacker to set u...
CVE-2018-16499
The CVE-2018-16499 entry concerns Versa Networks Versa VOS. The connected records indicate the issue stems from the use of unapproved SSH encryption protocols or cipher suites, enabling a network-endpoint attacker to perform a man-in-the-middle attack and potentially view communications between a...