Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

Published

2026-01-28T18:16:47.147

Last Modified

2026-02-03T15:42:57.443

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tildeslash	m\/monit	3.7.4	Yes

References

https://mmonit.com/ Product ([email protected])
https://www.exploit-db.com/exploits/49081 Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.vulncheck.com/advisories/mmonit-password-disclosure Third Party Advisory ([email protected])