CVE-2024-34113

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-261
View all →

Vulnerability Description

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2013-1053

MEDIUM
CVSS:5.5(Medium)

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the ...

CWE-2612013

CVE-2023-22271

MEDIUM
CVSS:5.3(Medium)

Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit thi...

CWE-2612023

CVE-2024-23492

MEDIUM
CVSS:5.7(Medium)

A weak encoding is used to transmit credentials for WS203VICM.

CWE-2612024

CVE-2024-34542

MEDIUM
CVSS:5.7(Medium)

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.

CWE-2612024

CVE-2024-37187

MEDIUM
CVSS:5.7(Medium)

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.

CWE-2612024

CVE-2020-10919

MEDIUM
CVSS:5.9(Medium)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to ex...

CWE-2612020