MEDIUM🇬🇧 English

CVE-2019-25030

CVSS 5.5v3.1pub. 2021-05-26upd. 2024-11-21

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Versa Networks Versa Analytics

    APP
    Versa-Networks
    wszystkie wersje
  • Versa Networks Versa Director

    APP
    Versa-Networks
    wszystkie wersje
  • Versa Networks Versa Operating System

    OS
    Versa-Networks
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-25029CRITICAL9.8ten sam produkt

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...

CVE-2024-39717HIGH7.2⚠ KEVten sam produkt

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is...

CVE-2018-16495HIGH8.8ten sam produkt

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is ...

CVE-2018-16494HIGH8.8ten sam produkt

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access ...

CVE-2018-16497HIGH7.8ten sam produkt

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and ti...