CVE-2010-2468
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
25/06/2010
Last modified:
11/04/2025
Description
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blip.tv/file/3414004
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59827
- http://blip.tv/file/3414004
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59827