CVE-2024-21754

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.

Related Vulnerabilities

CVE-2020-27693

MEDIUM
CVSS:4.4(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

CWE-9162020

CVE-2021-38979

MEDIUM
CVSS:4.4(Medium)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a sal...

CWE-9162021

CVE-2022-0022

MEDIUM
CVSS:4.4(Medium)

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computationa...

CWE-9162022

CVE-2022-29731

MEDIUM
CVSS:4.3(Medium)

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.

CWE-9162022

CVE-2024-2365

MEDIUM
CVSS:4.2(Medium)

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\Pinn...

CWE-9162024

CVE-2020-6780

MEDIUM
CVSS:4.9(Medium)

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi...

CWE-9162020