CVE-2022-40295

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Related Vulnerabilities

CVE-2020-6780

MEDIUM
CVSS:4.9(Medium)

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi...

CWE-9162020

CVE-2018-15717

MEDIUM
CVSS:5.3(Medium)

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

CWE-9162018

CVE-2019-12737

MEDIUM
CVSS:5.3(Medium)

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

CWE-9162019

CVE-2021-37551

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

CWE-9162021

CVE-2022-23348

MEDIUM
CVSS:5.3(Medium)

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.

CWE-9162022