Описание
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:bosch:rexroth_indramotion_xlc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:rexroth_indramotion_xlc:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:bosch:rexroth_indramotion_mlc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:rexroth_indramotion_mlc:-:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00151
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-326
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.
EPSS
Процентиль: 36%
0.00151
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-326