CVE-2014-2354

Cogent DataHub <7.3.5 - Info Disclosure

Title source: llm

Description

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

References (3)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02

[Various Sources] http://cogentdatahub.com/Download_Software.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02

Scores

EPSS 0.0010

EPSS Percentile 28.0%

Details

CWE

CWE-255 CWE-916

Status published

Products (13)

Cogent/DataHub < 7.3.5

cogentdatahub/cogent_datahub 7.0

cogentdatahub/cogent_datahub 7.0.2

cogentdatahub/cogent_datahub 7.1.0

cogentdatahub/cogent_datahub 7.1.1

cogentdatahub/cogent_datahub 7.1.1.63

cogentdatahub/cogent_datahub 7.1.2

cogentdatahub/cogent_datahub 7.2.2

cogentdatahub/cogent_datahub 7.3.0

cogentdatahub/cogent_datahub 7.3.1

... and 3 more

Published May 30, 2014

Tracked Since Feb 18, 2026