Vulnerabilities > Use of Password Hash With Insufficient Computational Effort
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-31 | CVE-2022-40258 | Use of Password Hash With Insufficient Computational Effort vulnerability in AMI Megarac Spx-12 and Megarac Spx-13 AMI Megarac Weak password hashes for Redfish & API | 5.3 |
| 2023-01-20 | CVE-2022-47732 | Use of Password Hash With Insufficient Computational Effort vulnerability in Yeastar N412 Firmware and N824 Firmware In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device. | 7.5 |
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2022-09-08 | CVE-2022-37163 | Use of Password Hash With Insufficient Computational Effort vulnerability in Ihatetobudget Project Ihatetobudget 1.5.7 Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 9.8 |
| 2022-09-08 | CVE-2022-37164 | Use of Password Hash With Insufficient Computational Effort vulnerability in Ontrack Project Ontrack 3.4 Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 9.8 |
| 2022-09-02 | CVE-2022-36071 | Use of Password Hash With Insufficient Computational Effort vulnerability in Sftpgo Project Sftpgo SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. | 8.1 |
| 2022-06-02 | CVE-2022-29731 | Use of Password Hash With Insufficient Computational Effort vulnerability in ICT Protege GX Firmware and Protege WX Firmware An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | 4.3 |
| 2022-05-19 | CVE-2020-16231 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bachmann products The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. | 8.8 |
| 2022-05-10 | CVE-2022-24041 | Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 6.5 |
| 2022-04-06 | CVE-2021-26113 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiwan A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored. | 7.5 |