Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-32596 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiportal
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
network
low complexity
fortinet CWE-916
5.0
2021-07-21 CVE-2021-22774 Use of Password Hash With Insufficient Computational Effort vulnerability in Schneider-Electric products
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.
network
low complexity
schneider-electric CWE-916
5.0
2021-07-07 CVE-2021-32519 Use of Password Hash With Insufficient Computational Effort vulnerability in Qsan Sanos, Storage Manager and Xevo
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.
network
low complexity
qsan CWE-916
5.0
2021-06-16 CVE-2020-25754 Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0
An issue was discovered on Enphase Envoy R3.x and D4.x devices.
network
low complexity
enphase CWE-916
5.0
2021-05-26 CVE-2021-22741 Use of Password Hash With Insufficient Computational Effort vulnerability in Schneider-Electric products
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available.
local
low complexity
schneider-electric CWE-916
4.6
2021-05-24 CVE-2021-33563 Use of Password Hash With Insufficient Computational Effort vulnerability in Koel
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username.
network
low complexity
koel CWE-916
5.0
2021-04-02 CVE-2019-20466 Use of Password Hash With Insufficient Computational Effort vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Firmware
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.
local
low complexity
sannce CWE-916
7.2
2021-03-18 CVE-2020-14516 Use of Password Hash With Insufficient Computational Effort vulnerability in Rockwellautomation Factorytalk Services Platform 6.10.00/6.11.00
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
network
low complexity
rockwellautomation CWE-916
7.5
2021-03-17 CVE-2020-28873 Use of Password Hash With Insufficient Computational Effort vulnerability in Fluxbb 1.5.11
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form.
network
low complexity
fluxbb CWE-916
7.8
2021-01-26 CVE-2020-6780 Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
network
low complexity
bosch CWE-916
4.0