Use of Password Hash With Insufficient Computational Effort

CVE-2019-20575

Medium

5.4/10

Summary

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Advisory Timeline

Published Mar 24, 2020

Use of Password Hash With Insufficient Computational Effort

CVE-2019-20575

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS