CVE-2021-23857
04.10.2021, 18:15
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bosch | rexroth_indramotion_mlc_l20_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l40_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l25_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l45_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l65_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l75_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_l85_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_xm22_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_xm21_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_xm41_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_mlc_xm42_firmware | 𝑥 ≤ 12 |
| bosch | rexroth_indramotion_xlc_firmware | 𝑥 ≤ 12 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-836 - Use of Password Hash Instead of Password for AuthenticationThe software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.