Use of Password Hash With Insufficient Computational Effort

CVE-2020-12069

High

9.8/10

Summary

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Advisory Timeline

Published Dec 26, 2022

Use of Password Hash With Insufficient Computational Effort

CVE-2020-12069

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

CodeBashing

JetBrains IDE

Wireshark