CVE-2023-23450

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-836
View all →

Vulnerability Description

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

Related Vulnerabilities

CVE-2021-23857

CRITICAL
CVSS:9.8(Critical)

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

CWE-8362021

CVE-2023-34132

CRITICAL
CVSS:9.8(Critical)

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics...

CWE-8362023

CVE-2023-39546

HIGH
CVSS:8.8(High)

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CWE-8362023

CVE-2023-4299

HIGH
CVSS:8.1(High)

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

CWE-8362023

CVE-2021-23857

CRITICAL
CVSS:9.8(Critical)

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

CWE-8362021

CVE-2023-34132

CRITICAL
CVSS:9.8(Critical)

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics...

CWE-8362023