Описание
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
Ссылки
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00088
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-760
Связанные уязвимости
github
больше 3 лет назад
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
EPSS
Процентиль: 25%
0.00088
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-760