Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Mar 5, 2026
M/Monit 3.7.4 - Password Disclosure
CVE-2020-36968
Description
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 3.7.4
- Tildeslash Ltd./M/Monitv5Range: 3.7.4
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/49081mitreexploit
- www.vulncheck.com/advisories/mmonit-password-disclosuremitrethird-party-advisory
- mmonit.commitreproduct
News mentions
0No linked articles in our index yet.