brute force vulnerabilities and exploits
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack....
1 Github repository available
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack....
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach....
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack....
389-ds-base versions before 22.214.171.124 and 126.96.36.199 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts....
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords....
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses....
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name....
2 EDB exploits available
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 188.8.131.52 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack....