9.8
CVE-2021-32519
- EPSS 0.1%
- Veröffentlicht 07.07.2021 14:15:11
- Zuletzt bearbeitet 21.11.2024 06:07:11
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginUse of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.288 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.