Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-29731 Use of Password Hash With Insufficient Computational Effort vulnerability in ICT Protege GX Firmware and Protege WX Firmware
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.
network
low complexity
ict CWE-916
4.0
2022-05-25 CVE-2021-32997 Use of Password Hash With Insufficient Computational Effort vulnerability in Bakerhughes products
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No.
network
low complexity
bakerhughes CWE-916
5.0
2022-05-19 CVE-2020-16231 Use of Password Hash With Insufficient Computational Effort vulnerability in Bachmann products
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords.
network
low complexity
bachmann CWE-916
6.5
2022-05-10 CVE-2022-24041 Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).
network
low complexity
siemens CWE-916
4.0
2022-04-06 CVE-2021-26113 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiwan 4.2.4
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.
network
low complexity
fortinet CWE-916
5.0
2022-04-05 CVE-2022-1235 Use of Password Hash With Insufficient Computational Effort vulnerability in Livehelperchat Live Helper Chat
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
network
low complexity
livehelperchat CWE-916
6.4
2022-04-01 CVE-2022-25156 Use of Password Hash With Insufficient Computational Effort vulnerability in Mitsubishielectric products
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.
6.8
2022-04-01 CVE-2022-25157 Use of Password Hash With Insufficient Computational Effort vulnerability in Mitsubishielectric products
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
network
low complexity
mitsubishielectric CWE-916
6.4
2022-03-21 CVE-2022-23348 Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
network
low complexity
bigantsoft CWE-916
5.0
2022-03-09 CVE-2022-0022 Use of Password Hash With Insufficient Computational Effort vulnerability in Paloaltonetworks Pan-Os
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.
local
low complexity
paloaltonetworks CWE-916
4.6