CVE-2021-32519

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.

Related Vulnerabilities

CVE-2002-1657

HIGH
CVSS:7.5(High)

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

CWE-9162002

CVE-2008-1526

HIGH
CVSS:7.5(High)

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it ea...

CWE-9162008

CVE-2009-5139

HIGH
CVSS:7.5(High)

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a ...

CWE-9162009

CVE-2014-2560

HIGH
CVSS:7.5(High)

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,...

CWE-9162014

CVE-2017-18917

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

CWE-9162017

CVE-2019-19766

HIGH
CVSS:7.5(High)

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.

CWE-9162019