CVE Catalog

CVE-2026-46749

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in SINEC INS (all versions < V1.0 SP2 Update 6) that uses a password hashing implementation with a static, hardcoded salt shared across all users and installations. The configuration with an insufficient number of iterations may allow an attacker to efficiently recover user passwords.

Risk Assessment

This vulnerability could lead to unauthorized access to user accounts, posing a serious security threat to the organization.

Recommendation

It is recommended to update SINEC INS to version V1.0 SP2 Update 6 or later and to implement a stronger password hashing method with unique salts for each user.

Original NVD description (English source)

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS