Описание
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.305b240802 (исключая)
Одновременно
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.305b240719 (исключая)
Одновременно
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00102
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-328
Связанные уязвимости
CVSS3: 4.9
github
больше 1 года назад
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
EPSS
Процентиль: 29%
0.00102
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-328