Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13811 | 1 Siemens | 1 Simatic Step 7 \(tia Portal\) | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-10618 | 1 Davolink | 2 Dvw-3200n, Dvw-3200n Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device. | |||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2019-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | |||||
| CVE-2018-15681 | 1 Btiteam | 1 Xbtit | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. | |||||
| CVE-2018-15680 | 1 Btiteam | 1 Xbtit | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. | |||||
| CVE-2017-11131 | 1 Stashcat | 1 Heinekingmedia | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash. | |||||
| CVE-2018-1447 | 1 Ibm | 3 Spectrum Protect For Space Management, Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2019-10-03 | 5.0 MEDIUM | 8.1 HIGH |
| The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972. | |||||
| CVE-2018-9233 | 1 Sophos | 1 Endpoint Protection | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. | |||||