Predictable Salt Vulnerability in Modicon M221

Predictable Salt Vulnerability in Modicon M221

CVE-2020-28214 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

Learn more about our Web Application Penetration Testing UK.