Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11131 | 1 Stashcat | 1 Heinekingmedia | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash. | |||||
CVE-2018-15680 | 1 Btiteam | 1 Xbtit | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. | |||||
CVE-2018-1447 | 1 Ibm | 3 Spectrum Protect For Space Management, Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2019-10-02 | 5.0 MEDIUM | 8.1 HIGH |
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972. |