CVE-2011-4432

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
merethiscentreon
𝑥
≤ 2.3.1
merethiscentreon
1.4
merethiscentreon
1.4.1
merethiscentreon
1.4.2
merethiscentreon
1.4.2.1
merethiscentreon
1.4.2.2
merethiscentreon
1.4.2.3
merethiscentreon
1.4.2.4
merethiscentreon
1.4.2.5
merethiscentreon
1.4.2.6
merethiscentreon
1.4.2.7
merethiscentreon
2.0:b2
merethiscentreon
2.0:b3
merethiscentreon
2.0:b4
merethiscentreon
2.0:b5
merethiscentreon
2.0:b6
merethiscentreon
2.0:rc1
merethiscentreon
2.0:rc2
merethiscentreon
2.0:rc3
merethiscentreon
2.0:rc4
merethiscentreon
2.0:rc5
merethiscentreon
2.0.1
merethiscentreon
2.0.2
merethiscentreon
2.1.0
merethiscentreon
2.1.1
merethiscentreon
2.1.2
merethiscentreon
2.1.3
merethiscentreon
2.1.4
merethiscentreon
2.1.5
merethiscentreon
2.1.6
merethiscentreon
2.1.7
merethiscentreon
2.1.8
merethiscentreon
2.1.9
merethiscentreon
2.1.10
merethiscentreon
2.1.11
merethiscentreon
2.1.12
merethiscentreon
2.1.13
merethiscentreon
2.2
merethiscentreon
2.2:b1
merethiscentreon
2.2:rc1
merethiscentreon
2.2:rc2
merethiscentreon
2.2.1
merethiscentreon
2.2.2
merethiscentreon
2.3.0
merethiscentreon
2.3.0:rc3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/8530
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt
http://securityreason.com/securityalert/8530
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt