Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-33243 Use of Password Hash With Insufficient Computational Effort vulnerability in Starface
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password.
network
high complexity
starface CWE-916
8.1
2023-03-13 CVE-2023-27580 Use of Password Hash With Insufficient Computational Effort vulnerability in Codeigniter Shield 1.0.0
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework.
network
high complexity
codeigniter CWE-916
5.9
2023-03-01 CVE-2023-0567 Use of Password Hash With Insufficient Computational Effort vulnerability in PHP
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid.
local
low complexity
php CWE-916
6.2
2023-02-16 CVE-2022-26115 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
network
low complexity
fortinet CWE-916
7.5
2023-01-31 CVE-2022-40258 Use of Password Hash With Insufficient Computational Effort vulnerability in AMI Megarac Spx-12 and Megarac Spx-13
AMI Megarac Weak password hashes for Redfish & API
network
low complexity
ami CWE-916
5.3
2023-01-20 CVE-2022-47732 Use of Password Hash With Insufficient Computational Effort vulnerability in Yeastar N412 Firmware and N824 Firmware
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash. Once cracked, the hash allows login to the Configuration Panel; alternatively, the attacker can replace the hash in the archive and restore it on the device, which changes the admin password and grants access to the device.
network
low complexity
yeastar CWE-916
7.5
2022-12-26 CVE-2020-12069 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm.
local
low complexity
pilz codesys festo wago CWE-916
7.8
2022-09-08 CVE-2022-37163 Use of Password Hash With Insufficient Computational Effort vulnerability in Ihatetobudget Project Ihatetobudget 1.5.7
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
network
low complexity
ihatetobudget-project CWE-916
critical
9.8
2022-09-08 CVE-2022-37164 Use of Password Hash With Insufficient Computational Effort vulnerability in Ontrack Project Ontrack 3.4
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
network
low complexity
ontrack-project CWE-916
critical
9.8
2022-06-02 CVE-2022-29731 Use of Password Hash With Insufficient Computational Effort vulnerability in ICT Protege GX Firmware and Protege WX Firmware
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.
network
low complexity
ict CWE-916
4.0