Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and…
bosch·CWE-916·Published 2021-01-25
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| 3.1 | Primary | NVD | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 4.4 | — | — | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 4.4 | 0.7 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |