漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes
Vulnerability Description
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用具有不充分计算复杂性的口令哈希
Vulnerability Title
Palo Alto Networks PAN-OS 安全漏洞
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS 存在安全漏洞,该漏洞允许在正常(非fips - cc)操作模式下对帐户进行密码破解攻击。攻击者可利用该漏洞必须访问帐户密码散列才能利用这个弱点,如果他们能够访问PAN-OS软件配置,就可以获得这些散列。
CVSS Information
N/A
Vulnerability Type
N/A