Vulnerability in Merethis Centreon

CVE-2011-4432

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (46.2th percentile) — read the EPSS interpretation.

Affected products

Merethis Centreon — versions 1.4, 1.4.1, 1.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (Exploit, x_refsource_MISC)
8530 (x_refsource_SREASON, third-party-advisory)