CVE-2021-23857: Login with hash

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23857

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Source: NVD (National Vulnerability Database)

Vulnerability Description

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

在认证机制中使用口令哈希代替口令

Source: NVD (National Vulnerability Database)

Vulnerability Title

Bosch Rexroth IndraMotion Mlc 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Bosch Rexroth Rexroth IndraMotion Mlc是德国博世力士乐（Bosch Rexroth）公司的一种将运动与逻辑控制，以及机器人控制相结合的新型设备。 Rexroth IndraMotion Mlc 存在安全漏洞，该漏洞源于网络系统或产品未正确使用相关密码算法，导致内容未正确加密、弱加密、明文存储敏感信息等。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Rexroth	IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC	12 VRS ~ unspecified	-
Rexroth	IndraMotion MLC L20, L40	12 VRS ~ unspecified	-

II. Public POCs for CVE-2021-23857

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23857

Please Login to view more intelligence information

https://psirt.bosch.com/security-advisories/bosch-sa-741752.htmlx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2021-23857

IV. Related Vulnerabilities

Same vendor: Rexroth

Same weakness: CWE-836

V. Comments for CVE-2021-23857

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-23857

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23857

III. Intelligence Information for CVE-2021-23857

IV. Related Vulnerabilities

V. Comments for CVE-2021-23857

Leave a comment