CVE-2020-6780

MEDIUM Year: 2020
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.

Related Vulnerabilities

CVE-2022-40295

MEDIUM
CVSS:4.9(Medium)

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offlin...

CWE-9162022

CVE-2018-15717

MEDIUM
CVSS:5.3(Medium)

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

CWE-9162018

CVE-2019-12737

MEDIUM
CVSS:5.3(Medium)

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

CWE-9162019

CVE-2021-37551

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

CWE-9162021

CVE-2022-23348

MEDIUM
CVSS:5.3(Medium)

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.

CWE-9162022