CVE-2014-2354

Cogent DataHub <7.3.5 - Info Disclosure

Title source: llm

Description

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

References (3)

Core 3

Core References

US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02

Various Sources

http://cogentdatahub.com/Download_Software.html

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02

Scores

EPSS 0.0069

EPSS Percentile 47.7%

Details

CWE

CWE-255 CWE-916

Status published

Products (13)

Cogent/DataHub < 7.3.5

cogentdatahub/cogent_datahub 7.0

cogentdatahub/cogent_datahub 7.0.2

cogentdatahub/cogent_datahub 7.1.0

cogentdatahub/cogent_datahub 7.1.1

cogentdatahub/cogent_datahub 7.1.1.63

cogentdatahub/cogent_datahub 7.1.2

cogentdatahub/cogent_datahub 7.2.2

cogentdatahub/cogent_datahub 7.3.0

cogentdatahub/cogent_datahub 7.3.1

... and 3 more

Published May 30, 2014

Tracked Since Feb 18, 2026