CVE-2014-2354 - OpenCVE

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cogentdatahub	Cogent Datahub

Configuration 1 [-]

OR	cpe:2.3:a:cogentdatahub:cogent_datahub::::::::
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:::::::*

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02	US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2014-05-30T23:00:00

Updated: 2014-05-30T23:57:00

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2354

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-05-30T23:55:02.987

Modified: 2014-06-05T12:40:41.283

Link: CVE-2014-2354

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A416FED-E221-48CE-8AFB-D822C6C8E4FF", "versionEndIncluding": "7.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*", "matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2724B2F-49B9-4423-A8D5-95B1E81DDEF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C414FB06-9100-4BB9-9F5C-A31946C11E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D881278E-D6B8-4147-91BA-4EBE049B0C70", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3142AD5D-E5E1-447B-8FCD-444A31D62437", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "321C4D3C-67FF-4284-A569-8359B58FC2FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B5C1FCA-D64E-4C12-B3A4-4200F95C6315", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack."}, {"lang": "es", "value": "Cogent DataHub anterior a 7.3.5 no utiliza un salt durante la creaci\u00f3n de hash de contrase\u00f1as, lo que facilita a atacantes dependientes de contexto obtener contrase\u00f1as de texto claro a trav\u00e9s de un ataque de fuerza bruta."}], "id": "CVE-2014-2354", "lastModified": "2014-06-05T12:40:41.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-30T23:55:02.987", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}