CVE-2019-0030

CWE-327 — Broken Cryptographic Algorithm CWE-9164 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 79.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Juniper ATP Juniper Advanced Threat Prevention Firmware

Timeline

PublishedJan 15

Latest updateMay 13

Description

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/juniper_atp5.0 — 5.0.3

▶NVDjuniper/advanced_threat_prevention_firmware5.0.0 — 5.0.3

🔴Vulnerability Details

GHSA

GHSA-4877-h7j8-9393: Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents↗2022-05-13

▶

CVEList

Juniper ATP: Password hashing uses DES and a hardcoded salt↗2019-01-15

▶

📋Vendor Advisories

Juniper

CVE-2019-0030: Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juni↗2019-01-15

▶