漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Vasion Print (formerly PrinterLogic) Insecure Password Hashing
Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest.php). No per-user salt is used and the fast hash algorithms are unsuitable for password storage. An attacker who obtains the password database can recover cleartext passwords via offline dictionary or rainbow table attacks. The vulnerable code also contains logic that migrates legacy SHA-1 hashes to SHA-512 on login, further exposing users still on the old hash. This vulnerability was partially resolved, but still present within the legacy authentication platform.
CVSS Information
N/A
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Vasion Print 安全漏洞
Vulnerability Description
Vasion Print是Vasion公司的一款基于 SaaS 的云托管应用程序,用于管理和部署打印机。 Vasion Print Virtual Appliance Host和Application存在安全漏洞,该漏洞源于使用未加盐SHA-512哈希和未加盐SHA-1哈希存储用户密码,攻击者获取密码数据库后可通过离线字典或彩虹表攻击恢复明文密码。
CVSS Information
N/A
Vulnerability Type
N/A