CVE-2014-9251

Published: Dec 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.

Affected (20)

Products: Zenoss: Zenoss Core

Zenoss

1 product

Zenoss Core

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Up to 5.0.0
Zenoss Zenoss Core	Version 2.4.0
Zenoss Zenoss Core	Version 2.4.5
Zenoss Zenoss Core	Version 2.5.0
Zenoss Zenoss Core	Version 2.5.1
Zenoss Zenoss Core	Version 2.5.2
Zenoss Zenoss Core	Version 3.0.0
Zenoss Zenoss Core	Version 3.0.1
Zenoss Zenoss Core	Version 3.0.2
Zenoss Zenoss Core	Version 3.0.3
Zenoss Zenoss Core	Version 3.1.0
Zenoss Zenoss Core	Version 3.2.0
Zenoss Zenoss Core	Version 3.2.1
Zenoss Zenoss Core	Version 4.2.0
Zenoss Zenoss Core	Version 4.2.3
Zenoss Zenoss Core	Version 4.2.4
Zenoss Zenoss Core	Version 4.2.5
Zenoss Zenoss Core	Version 5.0.0
Zenoss Zenoss Core	Version 5.0.0 beta_1
Zenoss Zenoss Core	Version 5.0.0 beta_2

Related CWEs

CWE-255

References (4)

http://www.kb.cert.org/vuls/id/449452

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.