Vulnerabilities > Use of Password Hash With Insufficient Computational Effort
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2024-23091 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digitaldruid Hoteldruid Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. | 7.5 |
| 2024-02-20 | CVE-2024-25607 | Use of Password Hash With Insufficient Computational Effort vulnerability in Liferay Digital Experience Platform The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes. | 7.5 |
| 2024-01-02 | CVE-2022-3010 | Use of Password Hash With Insufficient Computational Effort vulnerability in Priva TOP Control Suite 8.7.8.0 The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. | 7.5 |
| 2023-11-02 | CVE-2023-5846 | Use of Password Hash With Insufficient Computational Effort vulnerability in Franklinfueling Ts-550 EVO Firmware 1.8.7.7299 Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. | 9.8 |
| 2023-09-19 | CVE-2022-47557 | Use of Password Hash With Insufficient Computational Effort vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions. | 6.1 |
| 2023-09-07 | CVE-2023-41646 | Use of Password Hash With Insufficient Computational Effort vulnerability in Perrymitchell Buttercup 2.20.3 Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/ | 5.3 |
| 2023-08-24 | CVE-2023-31412 | Use of Password Hash With Insufficient Computational Effort vulnerability in Sick Lms500 Firmware, Lms511 Firmware and Lms531 Firmware The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. | 7.5 |
| 2023-06-15 | CVE-2023-33243 | Use of Password Hash With Insufficient Computational Effort vulnerability in Starface 7.3.0.10 RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. | 8.1 |
| 2023-03-01 | CVE-2023-0567 | Use of Password Hash With Insufficient Computational Effort vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. | 6.2 |
| 2023-02-16 | CVE-2022-26115 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. | 7.5 |