CVE-2020-36968

MEDIUM

M/Monit 3.7.4 - Authenticated Password Hash Exposure via Admin API Endpoints

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36968. PoCs published by Dolev Farhi.

AI-analyzed exploit summary This exploit targets M/Monit 3.7.4 to disclose user password hashes via an authenticated API endpoint. It logs in with provided credentials and retrieves MD5 password hashes for all users.

Description

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

Exploits (1)

exploitdb WORKING POC
by Dolev Farhi · pythonwebappsmultiple
https://www.exploit-db.com/exploits/49081

This exploit targets M/Monit 3.7.4 to disclose user password hashes via an authenticated API endpoint. It logs in with provided credentials and retrieves MD5 password hashes for all users.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: M/Monit 3.7.4
Auth required
Prerequisites: Valid credentials for M/Monit · Network access to the M/Monit API
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/49081
Product product
https://mmonit.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/mmonit-password-disclosure

Scores

CVSS v3 6.5
EPSS 0.0042
EPSS Percentile 33.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-522
Status published
Products (1)
tildeslash/m\/monit 3.7.4
Published Jan 28, 2026
Tracked Since Feb 18, 2026