← voltar
CVE-2024-8453

PLANET Technology switch devices - Weak hash for users' passwords

CVSS 4.9 MEDIUMEPSS 0.3%CWE-328CWE-759
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
PLANET Technology · GS-4210-24P2S hardware 3.0PLANET Technology · GS-4210-24PL4C hardware 2.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.twcert.org.tw/en/cp-139-8056-09688-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html