CVE-2020-6780 MEDIUM

CVE-2020-6780: Password Hash With Insufficient Computational Effort in the Database of Bosch FSM-2500 Server and Bosch FSM-5000 Server

Vendor Bosch
Product FSM-2500
Weakness CWE-916
Published January 25, 2021
Last update September 17, 2024

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.

Key dates

02Disclosure timeline

January 25, 2021 CVE published
September 17, 2024 Record updated