CVE-2006-4068
Pswd.js - Credentials Management
Title source: ruleDescription
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gianstefano Monni · cwebappsmultiple
https://www.exploit-db.com/exploits/28340
Scores
EPSS
0.0426
EPSS Percentile
88.9%
Details
CWE
CWE-255
Status
published
Products (1)
pswd.js/pswd.js
Published
Aug 10, 2006
Tracked Since
Feb 18, 2026