CWE-916
Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CVE-2022-24041 (GCVE-0-2022-24041)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:46 – Updated: 2024-08-03 03:59
VLAI
Summary
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.
Severity
No CVSS data available.
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Desigo DXR2 |
Affected:
All versions < V01.21.142.5-22
|
|
| Siemens | Desigo PXC3 |
Affected:
All versions < V01.21.142.4-18
|
|
| Siemens | Desigo PXC4 |
Affected:
All versions < V02.20.142.10-10884
|
|
| Siemens | Desigo PXC5 |
Affected:
All versions < V02.20.142.10-10884
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Desigo DXR2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.5-22"
}
]
},
{
"product": "Desigo PXC3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.4-18"
}
]
},
{
"product": "Desigo PXC4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
},
{
"product": "Desigo PXC5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:31.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo DXR2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.5-22"
}
]
}
},
{
"product_name": "Desigo PXC3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.4-18"
}
]
}
},
{
"product_name": "Desigo PXC4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
},
{
"product_name": "Desigo PXC5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916: Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24041",
"datePublished": "2022-05-10T09:46:49.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:59:23.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26115 (GCVE-0-2022-26115)
Vulnerability from cvelistv5 – Published: 2023-02-16 18:07 – Updated: 2024-10-22 20:49
VLAI
Summary
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
Severity
CWE
- CWE-916 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
4.0.0 , ≤ 4.0.2
(semver)
Affected: 3.2.0 , ≤ 3.2.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-220",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-20-220"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:18:30.750261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:49:13.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.2.3",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the\u00a0password database to efficiently mount bulk guessing attacks to recover the passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:07:32.040Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-20-220",
"url": "https://fortiguard.com/psirt/FG-IR-20-220"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSandbox version 4.2.0 and above."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-26115",
"datePublished": "2023-02-16T18:07:32.040Z",
"dateReserved": "2022-02-25T14:18:24.278Z",
"dateUpdated": "2024-10-22T20:49:13.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40258 (GCVE-0-2022-40258)
Vulnerability from cvelistv5 – Published: 2023-01-31 00:53 – Updated: 2025-03-27 17:18
VLAI
Title
Weak password hashes for Redfish & API
Summary
AMI Megarac Weak password hashes for
Redfish & API
Severity
5.3 (Medium)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMI | MegaRAC SPx-12 |
Affected:
0 , ≤ SPx12-Update-6.00
(Custom)
|
|
| AMI | MegaRAC SPx-13 |
Affected:
0 , ≤ SPx13-Update-4.00
(Custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230731-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T17:18:13.319493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T17:18:26.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MegaRAC SPx-12",
"vendor": "AMI",
"versions": [
{
"lessThanOrEqual": "SPx12-Update-6.00",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MegaRAC SPx-13",
"vendor": "AMI",
"versions": [
{
"lessThanOrEqual": "SPx13-Update-4.00",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vlad Bakin from Eclypsium Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AMI Megarac Weak password hashes for\nRedfish \u0026amp; API"
}
],
"value": "AMI Megarac Weak password hashes for\nRedfish \u0026 API"
}
],
"impacts": [
{
"capecId": "CAPEC-55",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-55 Rainbow Table Password Cracking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T18:06:51.185Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0008/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AMI-SA-2023001\u003cbr\u003e"
}
],
"value": "AMI-SA-2023001"
}
],
"source": {
"advisory": "AMI-SA-2023001",
"discovery": "UNKNOWN"
},
"title": "Weak password hashes for Redfish \u0026 API",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-40258",
"datePublished": "2023-01-31T00:53:48.188Z",
"dateReserved": "2022-09-08T19:14:18.696Z",
"dateUpdated": "2025-03-27T17:18:26.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40295 (GCVE-0-2022-40295)
Vulnerability from cvelistv5 – Published: 2022-10-31 20:08 – Updated: 2024-08-03 12:14
VLAI
Title
Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
Summary
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
Severity
No CVSS data available.
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Point of Sale LLC | PHP Point of Sale |
Affected:
19.0
|
Date Public
2022-10-28 13:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40295",
"tags": [
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PHP Point of Sale",
"vendor": "PHP Point of Sale LLC",
"versions": [
{
"status": "affected",
"version": "19.0"
}
]
}
],
"datePublic": "2022-10-28T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.\u003c/span\u003e"
}
],
"value": "The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T08:26:47.937Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40295",
"url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40295"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2022-40295",
"datePublished": "2022-10-31T20:08:53.909Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:14:40.090Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47557 (GCVE-0-2022-47557)
Vulnerability from cvelistv5 – Published: 2023-09-19 12:54 – Updated: 2024-08-03 14:55 Unsupported When Assigned
VLAI
Title
Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Summary
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.
Severity
6.1 (Medium)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
1 reference
Impacted products
Date Public
2023-08-22 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:20:00.767578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:20:07.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:08.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ekorCCP",
"vendor": "Ormazabal",
"versions": [
{
"status": "affected",
"version": "601j"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ekorRCI",
"vendor": "Ormazabal",
"versions": [
{
"status": "affected",
"version": "601j"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jacinto Moral Matell\u00e1n"
}
],
"datePublic": "2023-08-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
}
],
"value": "Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T12:54:52.788Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ormazabal recommends upgrading to updated models."
}
],
"value": "Ormazabal recommends upgrading to updated models."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Use of Password Hash With Insufficient Computational Effort in Ormazabal products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47557",
"datePublished": "2023-09-19T12:54:52.788Z",
"dateReserved": "2022-12-19T16:35:50.461Z",
"dateUpdated": "2024-08-03T14:55:08.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27580 (GCVE-0-2023-27580)
Vulnerability from cvelistv5 – Published: 2023-03-13 17:14 – Updated: 2025-02-25 14:58
VLAI
Title
CodeIgniter Shield Password Shucking Vulnerability
Summary
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.
Severity
7.5 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/codeigniter4/shield/security/a… | x_refsource_CONFIRM |
| https://github.com/codeigniter4/shield/commit/ea9… | x_refsource_MISC |
| https://blog.ircmaxell.com/2015/03/security-issue… | x_refsource_MISC |
| https://cheatsheetseries.owasp.org/cheatsheets/Pa… | x_refsource_MISC |
| https://github.com/codeigniter4/shield/blob/devel… | x_refsource_MISC |
| https://www.scottbrady91.com/authentication/bewar… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codeigniter4 | shield |
Affected:
< 1.0.0-beta.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg"
},
{
"name": "https://github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b"
},
{
"name": "https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords"
},
{
"name": "https://github.com/codeigniter4/shield/blob/develop/UPGRADING.md",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/codeigniter4/shield/blob/develop/UPGRADING.md"
},
{
"name": "https://www.scottbrady91.com/authentication/beware-of-password-shucking",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.scottbrady91.com/authentication/beware-of-password-shucking"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:16.695445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:30.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shield",
"vendor": "codeigniter4",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.0-beta.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user\u0027s hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user\u0027s password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users\u2019 hashed passwords should be updated (saved to the database). There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T17:14:58.687Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg"
},
{
"name": "https://github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b"
},
{
"name": "https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords",
"tags": [
"x_refsource_MISC"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords"
},
{
"name": "https://github.com/codeigniter4/shield/blob/develop/UPGRADING.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/codeigniter4/shield/blob/develop/UPGRADING.md"
},
{
"name": "https://www.scottbrady91.com/authentication/beware-of-password-shucking",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.scottbrady91.com/authentication/beware-of-password-shucking"
}
],
"source": {
"advisory": "GHSA-c5vj-f36q-p9vg",
"discovery": "UNKNOWN"
},
"title": "CodeIgniter Shield Password Shucking Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27580",
"datePublished": "2023-03-13T17:14:58.687Z",
"dateReserved": "2023-03-04T01:03:53.633Z",
"dateUpdated": "2025-02-25T14:58:30.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34433 (GCVE-0-2023-34433)
Vulnerability from cvelistv5 – Published: 2023-07-06 23:06 – Updated: 2024-11-14 14:02
VLAI
Title
PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort
Summary
PiiGAB M-Bus stores passwords using a weak hash algorithm.
Severity
7.5 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PiiGAB | M-Bus SoftwarePack |
Affected:
900S
|
Date Public
2023-07-06 22:42
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "m-bus_900s",
"vendor": "piigab",
"versions": [
{
"status": "affected",
"version": "900s"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:02:20.350768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:02:50.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "M-Bus SoftwarePack",
"vendor": "PiiGAB ",
"versions": [
{
"status": "affected",
"version": "900S"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-07-06T22:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB M-Bus stores passwords using a weak hash algorithm.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nPiiGAB M-Bus stores passwords using a weak hash algorithm.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T23:06:34.227Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.piigab.se/\"\u003ePiigab.se\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.piigab.com/\"\u003ePiigab.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPiiGAB created updated software to address these issues and encourages users to install the new update on their own gateway. The new software packages can be downloaded directly from the web UI in the gateway and older gateways can download it from Piigab.se http://www.piigab.se/ \u00a0or Piigab.com https://www.piigab.com/ .\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure the least-privilege user principle is followed.\u003c/li\u003e\u003cli\u003eSet unique and secure passwords for all products requiring authentication.\u003c/li\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003enot accessible from the Internet\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Ensure the least-privilege user principle is followed.\n * Set unique and secure passwords for all products requiring authentication.\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-34433",
"datePublished": "2023-07-06T23:06:34.227Z",
"dateReserved": "2023-06-27T16:55:52.771Z",
"dateUpdated": "2024-11-14T14:02:50.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46133 (GCVE-0-2023-46133)
Vulnerability from cvelistv5 – Published: 2023-10-25 20:48 – Updated: 2024-09-10 14:08
VLAI
Title
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Summary
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.
Severity
9.1 (Critical)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/entronad/crypto-es/security/ad… | x_refsource_CONFIRM |
| https://github.com/entronad/crypto-es/commit/d506… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h"
},
{
"name": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:entronad:cryptoes:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cryptoes",
"vendor": "entronad",
"versions": [
{
"lessThan": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:59:03.749598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:08:02.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "crypto-es",
"vendor": "entronad",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a \u0027strength\u0027 or \u0027difficulty\u0027 value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328: Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T20:49:28.040Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h"
},
{
"name": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757"
}
],
"source": {
"advisory": "GHSA-mpj8-q39x-wq5h",
"discovery": "UNKNOWN"
},
"title": "crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46133",
"datePublished": "2023-10-25T20:48:14.285Z",
"dateReserved": "2023-10-16T17:51:35.573Z",
"dateUpdated": "2024-09-10T14:08:02.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46233 (GCVE-0-2023-46233)
Vulnerability from cvelistv5 – Published: 2023-10-25 20:49 – Updated: 2025-02-13 17:14
VLAI
Title
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Summary
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
Severity
9.1 (Critical)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/brix/crypto-js/security/adviso… | x_refsource_CONFIRM |
| https://github.com/brix/crypto-js/commit/421dd538… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2023… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf"
},
{
"name": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "crypto-js",
"vendor": "brix",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a \u0027strength\u0027 or \u0027difficulty\u0027 value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328: Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T20:06:16.347Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf"
},
{
"name": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html"
}
],
"source": {
"advisory": "GHSA-xwcq-pm8m-c4vf",
"discovery": "UNKNOWN"
},
"title": "crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46233",
"datePublished": "2023-10-25T20:49:31.582Z",
"dateReserved": "2023-10-19T20:34:00.946Z",
"dateUpdated": "2025-02-13T17:14:22.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4986 (GCVE-0-2023-4986)
Vulnerability from cvelistv5 – Published: 2023-09-15 14:31 – Updated: 2025-06-18 14:42
VLAI
Title
Supcon InPlant SCADA Project.xml unknown vulnerability
Summary
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-916 - Password Hash With Insufficient Computational Effort
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239797 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239797 | signaturepermissions-required |
| https://drive.google.com/file/d/1V_O95QddCGdZzYGg… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Supcon | InPlant SCADA |
Affected:
20230901
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239797"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239797"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T03:23:25.448551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:42:39.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InPlant SCADA",
"vendor": "Supcon",
"versions": [
{
"status": "affected",
"version": "20230901"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "01dgu0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Supcon InPlant SCADA bis 20230901 wurde eine problematische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei Project.xml. Durch Manipulieren mit unbekannten Daten kann eine password hash with insufficient computational effort-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:24:20.598Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239797"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239797"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T09:15:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Supcon InPlant SCADA Project.xml unknown vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4986",
"datePublished": "2023-09-15T14:31:04.464Z",
"dateReserved": "2023-09-15T06:20:14.025Z",
"dateUpdated": "2025-06-18T14:42:39.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-51
Phase: Architecture and Design
Description:
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation ID: MIT-25
Phases: Implementation, Architecture and Design
Description:
- When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.