CWE-836
AllowedUse of Password Hash Instead of Password for Authentication
Abstraction: Base · Status: Incomplete
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
30 vulnerabilities reference this CWE, most recent first.
CVE-2026-44736 (GCVE-0-2026-44736)
Vulnerability from cvelistv5 – Published: 2026-06-26 19:27 – Updated: 2026-06-27 03:01| URL | Tags |
|---|---|
| https://github.com/opf/openproject/security/advis… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| opf | openproject |
Affected:
< 17.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-27T02:59:53.577901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-27T03:01:24.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/opf/openproject/security/advisories/GHSA-p9gq-hrgh-2645"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openproject",
"vendor": "opf",
"versions": [
{
"status": "affected",
"version": "\u003c 17.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations \u2014 and the subject (title) of work packages they have no permission to view \u2014 by supplying an arbitrary work package ID in the involved, fromId, or toId filter. This bypasses the Relation.visible scope due to a flawed performance optimization in RelationQuery. This vulnerability is fixed in 17.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836: Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T19:27:54.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opf/openproject/security/advisories/GHSA-p9gq-hrgh-2645",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opf/openproject/security/advisories/GHSA-p9gq-hrgh-2645"
}
],
"source": {
"advisory": "GHSA-p9gq-hrgh-2645",
"discovery": "UNKNOWN"
},
"title": "OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44736",
"datePublished": "2026-06-26T19:27:54.656Z",
"dateReserved": "2026-05-07T18:04:17.309Z",
"dateUpdated": "2026-06-27T03:01:24.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40103 (GCVE-0-2026-40103)
Vulnerability from cvelistv5 – Published: 2026-04-10 16:12 – Updated: 2026-04-15 14:45- CWE-836 - Use of Password Hash Instead of Password for Authentication
| URL | Tags |
|---|---|
| https://github.com/go-vikunja/vikunja/security/ad… | x_refsource_CONFIRM |
| https://github.com/go-vikunja/vikunja/pull/2584 | x_refsource_MISC |
| https://github.com/go-vikunja/vikunja/commit/6a0f… | x_refsource_MISC |
| https://github.com/go-vikunja/vikunja/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| go-vikunja | vikunja |
Affected:
< 2.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40103",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T14:45:05.880850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T14:45:18.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vikunja",
"vendor": "go-vikunja",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja\u0027s scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.background_delete is rejected. This is a scoped-token authorization bypass. This vulnerability is fixed in 2.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836: Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T16:12:27.603Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-v479-vf79-mg83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-v479-vf79-mg83"
},
{
"name": "https://github.com/go-vikunja/vikunja/pull/2584",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-vikunja/vikunja/pull/2584"
},
{
"name": "https://github.com/go-vikunja/vikunja/commit/6a0f39b252a81fa4b19dc56dc889183acc9225ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-vikunja/vikunja/commit/6a0f39b252a81fa4b19dc56dc889183acc9225ae"
},
{
"name": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0"
}
],
"source": {
"advisory": "GHSA-v479-vf79-mg83",
"discovery": "UNKNOWN"
},
"title": "Vikunja\u0027s Scoped API tokens with projects.background permission can delete project backgrounds"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40103",
"datePublished": "2026-04-10T16:12:27.603Z",
"dateReserved": "2026-04-09T01:41:38.536Z",
"dateUpdated": "2026-04-15T14:45:18.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9222 (GCVE-0-2026-9222)
Vulnerability from cvelistv5 – Published: 2026-06-25 23:29 – Updated: 2026-06-26 12:30- CWE-836 - Use of password hash instead of password for authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Shenzhen i365-Tech Co. Ltd. | Setracker2 Parental Control App (Android) package com.tgelec.setracker |
Affected:
0 , ≤ 3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T12:30:48.939049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T12:30:58.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Setracker2 Parental Control App (Android) package com.tgelec.setracker",
"vendor": "Shenzhen i365-Tech Co. Ltd.",
"versions": [
{
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huancheng Hu of Hasso Plattner Institute reported these vulnerabilities to CISA, with support from Prof. Christian Doerr."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access."
}
],
"value": "Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of password hash instead of password for authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T23:29:03.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json"
}
],
"source": {
"advisory": "va-26-176-01",
"discovery": "EXTERNAL"
},
"title": "Setracker2 Children\u0027s Smartwatch Ecosystem Use of password hash instead of password for authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vendor was unresponsive in CISA\u0027s attempts to contact for \ncoordination. No known remediations are available. Affected users are \nencouraged to contact the vendor or their local supplier."
}
],
"value": "The vendor was unresponsive in CISA\u0027s attempts to contact for \ncoordination. No known remediations are available. Affected users are \nencouraged to contact the vendor or their local supplier."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-9222",
"datePublished": "2026-06-25T23:29:03.046Z",
"dateReserved": "2026-05-21T17:34:16.235Z",
"dateUpdated": "2026-06-26T12:30:58.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64471 (GCVE-0-2025-64471)
Vulnerability from cvelistv5 – Published: 2025-12-09 17:18 – Updated: 2026-01-14 09:19- CWE-836 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.1
(semver)
Affected: 7.6.0 , ≤ 7.6.5 (semver) Affected: 7.4.0 , ≤ 7.4.10 (semver) Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.11 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T18:34:29.978564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T18:34:33.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.5",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.10",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:19:24.898Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-64471",
"datePublished": "2025-12-09T17:18:44.569Z",
"dateReserved": "2025-11-05T12:25:48.195Z",
"dateUpdated": "2026-01-14T09:19:24.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62618 (GCVE-0-2025-62618)
Vulnerability from cvelistv5 – Published: 2025-10-31 18:31 – Updated: 2025-11-04 15:58{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T15:57:52.513765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:58:06.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ELOG",
"vendor": "ELOG",
"versions": [
{
"lessThan": "3.1.5-20251014",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.1.5-20251014"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karl Meister, CISA"
}
],
"datePublic": "2025-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target\u0027s credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T19:27:08.218893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T18:31:06.652Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://bitbucket.org/ritt/elog/commits/f81e5695c40997322fe2713bfdeba459d9de09dc"
},
{
"name": "url",
"url": "https://elog.psi.ch/elog/download/RPMS/?C=M;O=D"
},
{
"name": "url",
"url": "https://bitbucket.org/ritt/elog/commits/7092ff64f6eb9521f8cc8c52272a020bf3730946"
},
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-304-01.json"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62618"
}
],
"title": "ELOG file upload stored XSS"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2025-62618",
"datePublished": "2025-10-31T18:31:06.652Z",
"dateReserved": "2025-10-16T19:38:59.151Z",
"dateUpdated": "2025-11-04T15:58:06.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52543 (GCVE-0-2025-52543)
Vulnerability from cvelistv5 – Published: 2025-09-02 11:24 – Updated: 2025-09-02 13:43- CWE-836 - Use of Password Hash Instead of Password for Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Copeland LP | E3 Supervisory Control |
Affected:
0 , < 2.31F01
(firmware)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:36:46.415263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:43:02.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "E3 Supervisory Control",
"vendor": "Copeland LP",
"versions": [
{
"lessThan": "2.31F01",
"status": "affected",
"version": "0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armis Labs"
}
],
"datePublic": "2025-07-29T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "E3 Site Supervisor Control (firmware version \u0026lt; 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash."
}
],
"value": "E3 Site Supervisor Control (firmware version \u003c 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:24:32.443Z",
"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191",
"shortName": "Armis"
},
"references": [
{
"url": "https://www.armis.com/research/frostbyte10/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade firmware of affected E3 Supervisory Controls to a version \u0026gt; 2.30F1.\u003cbr\u003e"
}
],
"value": "Upgrade firmware of affected E3 Supervisory Controls to a version \u003e 2.30F1."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Login to the application services using only the password hash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."
}
],
"value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191",
"assignerShortName": "Armis",
"cveId": "CVE-2025-52543",
"datePublished": "2025-09-02T11:24:32.443Z",
"dateReserved": "2025-06-17T17:29:21.841Z",
"dateUpdated": "2025-09-02T13:43:02.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48925 (GCVE-0-2025-48925)
Vulnerability from cvelistv5 – Published: 2025-05-28 00:00 – Updated: 2025-07-01 19:48 Exclusively Hosted Service- CWE-836 - Use of Password Hash Instead of Password for Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| TeleMessage | service |
Affected:
0 , ≤ 2025-05-05
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T15:38:00.800591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T15:38:12.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "service",
"vendor": "TeleMessage",
"versions": [
{
"lessThanOrEqual": "2025-05-05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T19:48:30.412Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/"
}
],
"tags": [
"exclusively-hosted-service"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48925",
"datePublished": "2025-05-28T00:00:00.000Z",
"dateReserved": "2025-05-28T00:00:00.000Z",
"dateUpdated": "2025-07-01T19:48:30.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39546 (GCVE-0-2023-39546)
Vulnerability from cvelistv5 – Published: 2023-11-17 05:31 – Updated: 2024-08-29 14:33- CWE-836 - Use of password hash instead of password for authentication
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
|
| NEC Corporation | CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:33:00.592206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:33:29.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of password hash instead of password for authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:49:51.705Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39546",
"datePublished": "2023-11-17T05:31:08.331Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-08-29T14:33:29.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34132 (GCVE-0-2023-34132)
Vulnerability from cvelistv5 – Published: 2023-07-13 02:24 – Updated: 2025-02-13 16:55- CWE-836 - Use of Password Hash Instead of Password for Authentication
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://www.sonicwall.com/support/notices/230710150218060"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34132",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:15:29.760186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:15:42.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GMS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "9.3.2-SP1 and earlier versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Analytics",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "2.5.0.4-R7 and earlier versions"
}
]
}
],
"datePublic": "2023-07-12T23:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"value": "Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836 Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T22:06:23.649Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
},
{
"tags": [
"related"
],
"url": "https://www.sonicwall.com/support/notices/230710150218060"
},
{
"url": "http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-34132",
"datePublished": "2023-07-13T02:24:25.820Z",
"dateReserved": "2023-05-25T22:45:46.852Z",
"dateUpdated": "2025-02-13T16:55:19.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23614 (GCVE-0-2023-23614)
Vulnerability from cvelistv5 – Published: 2023-01-26 10:15 – Updated: 2025-03-10 21:19| URL | Tags |
|---|---|
| https://github.com/pi-hole/AdminLTE/security/advi… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23614",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:04.210772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:19:20.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AdminLTE",
"vendor": "pi-hole",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.0, \u003e= 5.18.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pi-hole\u00ae\u0027s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as \"Remember me for 7 days\" cookie value makes it possible for an attacker to \"pass the hash\" to login or reuse a theoretically expired \"remember me\" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn\u0027t change. If a cookie is leaked or compromised it could be used forever as long as the admin password is not changed. An attacker that obtained the password hash via an other attack vector (for example a path traversal vulnerability) could use it to login as the admin by setting the hash as the cookie value without the need to crack it to obtain the admin password (pass the hash). The hash is exposed over the network and in the browser where the cookie is transmitted and stored. This issue is patched in version 5.18.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836: Use of Password Hash Instead of Password for Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T10:15:21.120Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m"
}
],
"source": {
"advisory": "GHSA-33w4-xf7m-f82m",
"discovery": "UNKNOWN"
},
"title": "Improper session handling of \"Remember me for 7 days\" functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23614",
"datePublished": "2023-01-26T10:15:21.120Z",
"dateReserved": "2023-01-16T17:07:46.242Z",
"dateUpdated": "2025-03-10T21:19:20.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.