How severe is CVE-2019-3700?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2019-3700?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2019-3700 - LOW Severity | CVSS 3.3

Vulnerability Description

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes.

Related Vulnerabilities

CVE-2023-37395

LOW

CVSS:3.3(Low)

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

CWE-3272023

CVE-2017-12129

LOW

CVSS:3.5(Low)

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and coul...

CWE-3272017

CVE-2020-24588

LOW

CVSS:3.5(Low)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticat...

CWE-3272020

CVE-2021-27913

LOW

CVSS:3.5(Low)

The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically...

CWE-3272021

CVE-2021-45486

LOW

CVSS:3.5(Low)

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

CWE-3272021

CVE-2019-3818

LOW

CVSS:3.7(Low)

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker coul...

CWE-3272019