Vulnerability Details CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.7%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2020-36968
-
cpe:2.3:a:tildeslash:m/monit:3.7.4