CVE-2017-3962 — Use of Password Hash With Insufficient Computational Effort in Network Security Management

CWE-916 — Use of Password Hash With Insufficient Computational Effort2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 85.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Security Management Mcafee Network Security Manager

Timeline

PublishedJun 12

Latest updateMay 13

Description

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5mcafee/network_security_management8 — 8.2.7.42.2

▶NVDmcafee/network_security_manager< 8.2.7.42.2

🔴Vulnerability Details

GHSA

GHSA-r8g7-cpmm-qmhp: Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before↗2022-05-13

▶