Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)
Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328) The ADXCRYPT algorithm that may be used for password hashing on the 4690 operating system is susceptible to known-plaintext attacks and hash collisions.
Additional details about this vulnerability may be found in Security Bulletin R1005054.
An attacker may be able to reverse or find a hashing collision for passwords hashed with ADXCRYPT and stored in the ADXCSOUF.DAT file.
Use "Enhanced Security"
Thanks to Brian Kamusinga and David Odell for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:||2014-04-21|
|Date Last Updated:||2014-04-21 19:34 UTC|