CVE-2026-46749
7.5 HIGHA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6)
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-760
Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-9370 — A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 (3.7 LOW)
- CVE-2020-28214 — A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could ... (5.5 MEDIUM)