CVE-2026-46749
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in SINEC INS (all versions < V1.0 SP2 Update 6) that uses a password hashing implementation with a static, hardcoded salt shared across all users and installations. The configuration with an insufficient number of iterations may allow an attacker to efficiently recover user passwords.
Risk Assessment
This vulnerability could lead to unauthorized access to user accounts, posing a serious security threat to the organization.
Recommendation
It is recommended to update SINEC INS to version V1.0 SP2 Update 6 or later and to implement a stronger password hashing method with unique salts for each user.
Original NVD description (English source)
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

