CVE-2021-32519

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:xevo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html - Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 9.8

22 Jul 2021, 11:15

Type Values Removed Values Added
Summary Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.

10 Jul 2021, 03:34

Type Values Removed Values Added
CWE CWE-916
References (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html - (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html - Third Party Advisory
CPE cpe:2.3:a:qsan:xevo:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:storage_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:qsan:sanos:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

07 Jul 2021, 15:08

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-07 14:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32519

Mitre link : CVE-2021-32519

CVE.ORG link : CVE-2021-32519


JSON object : View

Products Affected

qsan

  • storage_manager
  • xevo
  • sanos
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort