Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Mar 5, 2026
M/Monit 3.7.4 - Password Disclosure
CVE-2020-36968
Description
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
Affected products
2- Tildeslash Ltd./M/Monitv5Range: 3.7.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/49081mitreexploit
- www.vulncheck.com/advisories/mmonit-password-disclosuremitrethird-party-advisory
- mmonit.commitreproduct
News mentions
0No linked articles in our index yet.