How severe is CVE-2017-9859?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-9859?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2017-9859 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Related Vulnerabilities

CVE-2007-6013

CRITICAL

CVSS:9.8(Critical)

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene...

CWE-3272007

CVE-2012-4449

CRITICAL

CVSS:9.8(Critical)

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depend...

CWE-3272012

CVE-2014-8687

CRITICAL

CVSS:9.8(Critical)

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...

CWE-3272014

CVE-2014-9969

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

CWE-3272014

CVE-2016-6602

CRITICAL

CVSS:9.8(Critical)

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/s...

CWE-3272016

CVE-2017-17717

CRITICAL

CVSS:9.8(Critical)

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

CWE-3272017