Filtered by CWE-916
Filtered by vendor Subscriptions
Total 91 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-9080 1 Domainmod 1 Domainmod 2024-11-21 7.5 High
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
CVE-2019-7649 1 Cmswing 1 Cmswing 2024-11-21 N/A
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVE-2019-6563 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-11-21 9.8 Critical
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVE-2019-3907 1 Identicard 1 Premisys Id 2024-11-21 7.5 High
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-20575 1 Google 1 Android 2024-11-21 5.4 Medium
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).
CVE-2019-20466 1 Sannce 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware 2024-11-21 7.8 High
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
CVE-2019-20138 1 Http Authentication Library Project 1 Http Authentication Library 2024-11-21 7.5 High
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.
CVE-2019-19766 1 Bitwarden 1 Server 2024-11-21 7.5 High
The Bitwarden server through 1.32.0 has a potentially unwanted KDF.
CVE-2019-19735 1 Mfscripts 1 Yetishare 2024-11-21 9.1 Critical
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
CVE-2019-17216 1 Vzug 2 Combi-stream Mslq, Combi-stream Mslq Firmware 2024-11-21 9.8 Critical
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
CVE-2019-12737 1 Jetbrains 1 Ktor 2024-11-21 5.3 Medium
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-0030 1 Juniper 3 Advanced Threat Prevention Firmware, Atp400, Atp700 2024-11-21 7.2 High
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
CVE-2018-9233 1 Sophos 1 Endpoint Protection 2024-11-21 N/A
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
CVE-2018-1447 1 Ibm 3 Spectrum Protect For Space Management, Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot 2024-11-21 N/A
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
CVE-2018-15717 1 Opendental 1 Opendental 2024-11-21 N/A
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-15681 1 Btiteam 1 Xbtit 2024-11-21 N/A
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password.
CVE-2018-15680 1 Btiteam 1 Xbtit 2024-11-21 N/A
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.
CVE-2018-13811 1 Siemens 1 Simatic Step 7 \(tia Portal\) 2024-11-21 N/A
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known.
CVE-2018-10618 1 Davolink 2 Dvw-3200n, Dvw-3200n Firmware 2024-11-21 N/A
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
CVE-2017-3962 1 Mcafee 1 Network Security Manager 2024-11-21 N/A
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.