CWE-916

CVE-2019-9080

February 26, 2023 by

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

CVE-2019-7649

February 26, 2023 by

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

CVE-2019-6563

February 26, 2023 by

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator’s password, which could lead to a full compromise of the device.

CVE-2019-20575

February 26, 2023 by

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the “default” account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.

CVE-2019-20138

February 26, 2023 by

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium’s crypto_pwhash_str is not used.