CVE-2020-36968 — Insufficiently Protected Credentials in LTD M Monit

CWE-522 — Insufficiently Protected Credentials6 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 54.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tildeslash LTD M Monit Tildeslash M Monit Debian Monit

Timeline

PublishedJan 28

Description

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/monit

▶NVDtildeslash/m_monit3.7.4

▶CVEListV5tildeslash_ltd/m_monit3.7.4

🔴Vulnerability Details

GHSA

GHSA-r4vc-qvp9-9h22: M/Monit 3↗2026-01-28

▶

OSV

CVE-2020-36968: M/Monit 3↗2026-01-28

▶

📋Vendor Advisories

Debian

CVE-2020-36968: monit - M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated...↗2020

▶

🕵️Threat Intelligence

Wiz

CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶