CVE-2023-0452

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-328
View all →

Vulnerability Description

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

Related Vulnerabilities

CVE-2022-29835

MEDIUM
CVSS:5.3(Medium)

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algor...

CWE-3282022

CVE-2024-34914

MEDIUM
CVSS:5.3(Medium)

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain a...

CWE-3282024

CVE-2024-52521

MEDIUM
CVSS:5.3(Medium)

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being...

CWE-3282024

CVE-2024-56414

MEDIUM
CVSS:5.5(Medium)

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CWE-3282024

CVE-2023-44319

MEDIUM
CVSS:4.9(Medium)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB ...

CWE-3282023

CVE-2024-8453

MEDIUM
CVSS:4.9(Medium)

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files t...

CWE-3282024