In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NVersa Networks Versa Analytics
APPVersa-Networkswszystkie wersjeVersa Networks Versa Director
APPVersa-Networkswszystkie wersjeVersa Networks Versa Operating System
OSVersa-Networkswszystkie wersje
Related vulnerabilities
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is...
In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is ...
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access ...
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and ti...