CVE-2021-23857
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rexroth | IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC | 12 VRS < unspecified | affected |
| Rexroth | IndraMotion MLC L20, L40 | 12 VRS < unspecified | affected |
Weaknesses
- CWE-836: CWE-836 Use of Password Hash Instead of Password for Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.