9.8
CVE-2019-17216
- EPSS 0.19%
- Veröffentlicht 06.10.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vzug ≫ Combi-stream Mslq Firmware Version < ethernet_r07
Vzug ≫ Combi-stream Mslq Firmware Version < wlan_r05
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.376 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.