CVE-2021-32997

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

Related Vulnerabilities

CVE-2002-1657

HIGH
CVSS:7.5(High)

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

CWE-9162002

CVE-2008-1526

HIGH
CVSS:7.5(High)

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it ea...

CWE-9162008

CVE-2009-5139

HIGH
CVSS:7.5(High)

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a ...

CWE-9162009

CVE-2014-2560

HIGH
CVSS:7.5(High)

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,...

CWE-9162014

CVE-2017-18917

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

CWE-9162017

CVE-2019-19766

HIGH
CVSS:7.5(High)

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.

CWE-9162019