4.9
CVE-2024-8453
- EPSS 0.12%
- Veröffentlicht 30.09.2024 08:15:04
- Zuletzt bearbeitet 04.10.2024 15:10:54
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginCertain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Planet ≫ Gs-4210-24p2s Firmware Version < 3.305b240802
Planet ≫ Gs-4210-24pl4c Firmware Version < 2.305b240719
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.31 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| twcert@cert.org.tw | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-328 Use of Weak Hash
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-759 Use of a One-Way Hash without a Salt
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.