Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0356 | 1 Socomec | 2 Modulys Gp, Net Vision | 2024-11-21 | N/A | 5.7 MEDIUM |
| SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. | |||||
| CVE-2024-45273 | 2 Helmholz, Mbconnectline | 27 Myrex24 V2 Virtual Server, Rex 100, Rex 100 Firmware and 24 more | 2024-10-17 | N/A | 7.8 HIGH |
| An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | |||||
| CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-10-09 | N/A | 7.8 HIGH |
| Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | |||||
| CVE-2024-34542 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-07 | N/A | 5.7 MEDIUM |
| Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | |||||
| CVE-2024-37187 | 1 Advantech | 2 Adam-5550, Adam-5550 Firmware | 2024-10-07 | N/A | 5.7 MEDIUM |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | |||||
| CVE-2024-8455 | 1 Planet | 6 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 3 more | 2024-10-04 | N/A | 5.9 MEDIUM |
| The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. | |||||
| CVE-2024-24279 | 2024-08-27 | N/A | 8.8 HIGH | ||
| An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | |||||
| CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-08-07 | N/A | 5.5 MEDIUM |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-23492 | 2024-08-01 | N/A | 5.7 MEDIUM | ||
| A weak encoding is used to transmit credentials for WS203VICM. | |||||
| CVE-2024-28270 | 2024-08-01 | N/A | 8.1 HIGH | ||
| An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. | |||||
| CVE-2024-5434 | 2024-05-29 | N/A | N/A | ||
| The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access. | |||||
| CVE-2024-0556 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text. | |||||