Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2019-25030
HistoryMay 26, 2021 - 6:45 p.m.

CVE-2019-25030

2021-05-2618:45:38
CWE-522
hackerone
www.cve.org
2
versa director
versa analytics
vos
passwords
cryptographic hash
key derivation
rainbow tables
md5
sha-1
adaptive hashing
pbkdf2

EPSS

0

Percentile

12.6%

JSON

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as “rainbow tables”) relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.

CNA Affected

[
  {
    "product": "Versa Director, Versa Analytics, Versa VOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1"
      }
    ]
  }
]

Related

hackerone 1
cve 1
nvd 1
prion 1
hackerone
hackerone
Versa Networks: Passwords Stored Insecurely
2019-02-20 00:00:00
cve
cve
CVE-2019-25030
2021-05-26 19:15:08
nvd
nvd
CVE-2019-25030
2021-05-26 19:15:08
prion
prion
Design/Logic Flaw
2021-05-26 19:15:00

EPSS

0

Percentile

12.6%

JSON
Related for CVELIST:CVE-2019-25030
hackerone1cve1nvd1prion1