{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T13:25:13.112","vulnerabilities":[{"cve":{"id":"CVE-2019-25030","sourceIdentifier":"support@hackerone.com","published":"2021-05-26T19:15:08.813","lastModified":"2024-11-21T04:39:46.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as \"rainbow tables\") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible."},{"lang":"es","value":"En Versa Director, Versa Analytics y VOS, las contraseñas son procesadas usando una función hash criptográfica adaptativa o una función de derivation de clave antes del almacenamiento. Los algoritmos de hash populares basados ??en la construcción Merkle-Damgard (como MD5 y SHA-1) por sí solos son insuficientes para frustrar el descifrado de contraseñas. Unos atacantes pueden generar y utilizar hashes precalculados para todas las combinaciones posibles de caracteres de contraseña (comúnmente denominadas \"rainbow tables\") con relativa rapidez. El uso de algoritmos de hash adaptativos, como las funciones de derivación de claves de cifrado y cifrado (es decir, PBKDF2) para cifrar contraseñas, hace que la generación de tales rainbow tables sea computacionalmente inviable"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:versa-networks:versa_analytics:-:*:*:*:*:*:*:*","matchCriteriaId":"1D5BC5CF-B979-4689-BD33-45A8E8D16375"},{"vulnerable":true,"criteria":"cpe:2.3:a:versa-networks:versa_director:-:*:*:*:*:*:*:*","matchCriteriaId":"4DE5070B-93B9-478C-999C-2E0D4B66868C"},{"vulnerable":true,"criteria":"cpe:2.3:o:versa-networks:versa_operating_system:-:*:*:*:*:*:*:*","matchCriteriaId":"02ECA632-35D4-4CCC-87D2-8160EC077EB7"}]}]}],"references":[{"url":"https://hackerone.com/reports/1168197","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1168197","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}