Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45394 | 1 Authenticator | 1 Authenticator | 2024-09-17 | N/A | 7.8 HIGH |
| Authenticator is a browser extensions that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0. | |||||
| CVE-2024-24279 | 2024-08-27 | N/A | 8.8 HIGH | ||
| An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | |||||
| CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-08-07 | N/A | 5.5 MEDIUM |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-23492 | 2024-08-01 | N/A | 5.7 MEDIUM | ||
| A weak encoding is used to transmit credentials for WS203VICM. | |||||
| CVE-2024-28270 | 2024-08-01 | N/A | 8.1 HIGH | ||
| An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. | |||||
| CVE-2024-5434 | 2024-05-29 | N/A | N/A | ||
| The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access. | |||||
| CVE-2024-0556 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text. | |||||
| CVE-2023-0356 | 1 Socomec | 2 Modulys Gp, Net Vision | 2024-02-28 | N/A | 7.5 HIGH |
| SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. | |||||