Vulnerabilities > CVE-2021-23855 - Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bosch

CWE-916

NVD

Published: 2021-10-04

Updated: 2021-10-12

Summary

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch Rexroth Indramotion XLC Firmware - Bosch Rexroth Indramotion MLC Firmware -	2
Hardware	Bosch Bosch Rexroth Indramotion XLC - Bosch Rexroth Indramotion MLC -	2

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://psirt.bosch.com/security-advisories/bosch-sa-741752.html