Security Advisory

CVE-2020-36968

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 17:35:10

Last updated 2026-03-05 01:27:12

Assigner VulnCheck

State PUBLISHED

Description

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

← Browse all CVEs View on cve.org ↗