Executive Summary

Informations
Name CVE-2019-20457 First vendor Publication 2024-11-07
Vendor Cve Last vendor Modification 2024-11-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20457

Sources (Detail)

https://global.brother
https://seclists.org/fulldisclosure/2024/Jul/14
https://support.brother.com/g/s/security/en/index.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-11-08 21:27:29
  • Multiple Updates
2024-11-07 21:27:28
  • First insertion