CVE-2017-11131

MEDIUM Year: 2017
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.

Related Vulnerabilities

CVE-2023-27580

MEDIUM
CVSS:5.9(Medium)

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in S...

CWE-9162023

CVE-2022-47557

MEDIUM
CVSS:6.1(Medium)

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to...

CWE-9162022

CVE-2006-1058

MEDIUM
CVSS:5.5(Medium)

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CWE-9162006

CVE-2014-0083

MEDIUM
CVSS:5.5(Medium)

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

CWE-9162014

CVE-2018-13811

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file an...

CWE-9162018

CVE-2020-10040

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve...

CWE-9162020