Use of Weak Hash

CVE-2024-8453

Medium

4.9/10

Summary

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-328 - Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

References

Advisory Timeline

Published Sep 30, 2024

Use of Weak Hash

CVE-2024-8453

Summary

CWE-328 - Use of Weak Hash

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS