CVE-2019-25030

EPSS 0.05%
Veröffentlicht 26.05.2021 19:15:08
Zuletzt bearbeitet 21.11.2024 04:39:46
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Versa-networks ≫ Versa Analytics Version-

Versa-networks ≫ Versa Director Version-

Versa-networks ≫ Versa Operating System Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://hackerone.com/reports/1168197

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-25030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-25030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-25030

EUVD