A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
oryginał ENCVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSiemens Sinec Ins
APPSiemens1.0≤ 1.0
Powiązane podatności
Path Traversal w SINEC INS umożliwia RCE przez SFTP
Command injection w Siemens SINEC INS – wykonanie kodu na systemie operacyjnym
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote a...
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() ...
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep...