Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2021-32997 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bakerhughes products | The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. | network | low complexity | bakerhughes | CWE-916 | 5.0 |
| 2022-05-19 | CVE-2020-16231 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bachmann products | The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. | network | low complexity | bachmann | CWE-916 | 6.5 |
| 2022-05-10 | CVE-2022-24041 | Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | network | low complexity | siemens | CWE-916 | 6.5 |
| 2022-04-06 | CVE-2021-26113 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiwan 4.2.4 | A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored. | network | low complexity | fortinet | CWE-916 | 5.0 |
| 2022-04-05 | CVE-2022-1235 | Use of Password Hash With Insufficient Computational Effort vulnerability in Livehelperchat Live Helper Chat | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | network | low complexity | livehelperchat | CWE-916 | 6.4 |
| 2022-03-21 | CVE-2022-23348 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06 | BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | network | low complexity | bigantsoft | CWE-916 | 5.0 |
| 2022-03-09 | CVE-2022-0022 | Use of Password Hash With Insufficient Computational Effort vulnerability in Paloaltonetworks Pan-Os | Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. | local | low complexity | paloaltonetworks | CWE-916 | 4.6 |
| 2021-11-15 | CVE-2021-38979 | Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | network | low complexity | ibm | CWE-916 | 5.0 |
| 2021-10-08 | CVE-2021-36767 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. | network | low complexity | digi | CWE-916 | 9.8 (critical) |
| 2021-10-04 | CVE-2021-38400 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bostonscientific Zoom Latitude Programmer/Recorder/Monitor 3120 Firmware | An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. | local | low complexity | bostonscientific | CWE-916 | 4.6 |