The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory...

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08...

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than curren...

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,00...

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a ...

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so...

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1....

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, w...

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches t...

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to ...

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide...

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same ...

A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sen...

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending speciall...

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger enc...

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highl...

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being...

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain a...

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypti...

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algor...

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files t...