Vulnerabilities (CVE)

Filtered by CWE-916
Total 74 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12305 1 Actions-micro 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware 2024-02-04 3.3 LOW 6.5 MEDIUM
In EZCast Pro II, the administrator password MD5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.
CVE-2020-14512 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
In GateManager versions prior to 9.2c, the affected product uses a weak hash type, which may allow an attacker to view user passwords.
CVE-2019-20575 1 Google 1 Android 2024-02-04 4.8 MEDIUM 5.4 MEDIUM
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).
CVE-2020-0533 1 Intel 1 Converged Security Management Engine Firmware 2024-02-04 4.6 MEDIUM 6.7 MEDIUM
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2020-10040 1 Siemens 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more 2024-02-04 2.1 LOW 5.5 MEDIUM
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text.
CVE-2009-5139 1 Google 1 Gizmo5 2024-02-04 4.3 MEDIUM 7.5 HIGH
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2014-2560 1 Phoner 1 Phonerlite 2024-02-04 4.3 MEDIUM 7.5 HIGH
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2019-17216 1 Vzug 2 Combi-stream Mslq, Combi-stream Mslq Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
CVE-2019-20062 1 Mfscripts 1 Yetishare 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used).
CVE-2019-12737 1 Jetbrains 1 Ktor 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2010-2450 2 Debian, Shibboleth 2 Debian Linux, Service Provider 2024-02-04 5.0 MEDIUM 7.5 HIGH
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
CVE-2014-0083 2 Debian, Net-ldap Project 2 Debian Linux, Net-ldap 2024-02-04 2.1 LOW 5.5 MEDIUM
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
CVE-2019-19735 1 Mfscripts 1 Yetishare 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by brute-forcing.