CVE-2024-5434

MEDIUM Year: 2024
Weakness Type
CWE-261
View all →

Vulnerability Description

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access.

Related Vulnerabilities

CVE-2017-7905

CRITICAL
CVSS:9.8(Critical)

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmwa...

CWE-2612017

CVE-2020-10275

CRITICAL
CVSS:9.8(Critical)

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly w...

CWE-2612020

CVE-2021-21507

CRITICAL
CVSS:9.8(Critical)

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote...

CWE-2612021

CVE-2024-24279

HIGH
CVSS:8.8(High)

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower fu...

CWE-2612024

CVE-2024-28270

HIGH
CVSS:8.1(High)

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

CWE-2612024

CVE-2020-14481

HIGH
CVSS:7.8(High)

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...

CWE-2612020