CVE-2019-0030

High

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue…

juniper·CWE-327·Published 2019-01-15

CVSS

7.2

EPSS

0.01

KEV

Exploits

cve.orgen

186 chars

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

NVDen

186 chars

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Juniper ATP emplea DES y una sal embebida para hashear contraseñas, lo que permite el "deshasheo" trivial del contenido del archivo de contraseñas. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.0	Primary	cve.org	6.7	—	—	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	6.7	—	—	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.0	Secondary	NVD	6.7	0.8	5.9	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H