Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vasion Print (formerly PrinterLogic) Insecure Password Hashing
Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest.php). No per-user salt is used and the fast hash algorithms are unsuitable for password storage. An attacker who obtains the password database can recover cleartext passwords via offline dictionary or rainbow table attacks. The vulnerable code also contains logic that migrates legacy SHA-1 hashes to SHA-512 on login, further exposing users still on the old hash. This vulnerability was partially resolved, but still present within the legacy authentication platform.
CVSS Information
N/A
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Vasion Print 安全漏洞
Vulnerability Description
Vasion Print是Vasion公司的一款基于 SaaS 的云托管应用程序,用于管理和部署打印机。 Vasion Print Virtual Appliance Host和Application存在安全漏洞,该漏洞源于使用未加盐SHA-512哈希和未加盐SHA-1哈希存储用户密码,攻击者获取密码数据库后可通过离线字典或彩虹表攻击恢复明文密码。
CVSS Information
N/A
Vulnerability Type
N/A