Use of Password Hash With Insufficient Computational Effort
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-21 | CVE-2022-23348 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06: BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | 5.3 |
2022-03-09 | CVE-2022-0022 | Use of Password Hash With Insufficient Computational Effort vulnerability in Paloaltonetworks Pan-Os: Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. | 4.4 |
2021-11-15 | CVE-2021-38979 | Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products: IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | 7.5 |
2021-10-08 | CVE-2021-36767 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products: In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. | 9.8 |
2021-10-04 | CVE-2021-38400 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bostonscientific Zoom Latitude Programmer/Recorder/Monitor 3120 Firmware: An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. | 6.8 |
2021-09-02 | CVE-2021-38314 | Use of Password Hash With Insufficient Computational Effort vulnerability in Redux Gutenberg Template Library & Redux Framework: The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. | 5.3 |
2021-08-06 | CVE-2021-37551 | Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Youtrack: In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | 5.3 |
2021-08-04 | CVE-2021-32596 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiportal: A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | 7.5 |
2021-07-21 | CVE-2021-22774 | Use of Password Hash With Insufficient Computational Effort vulnerability in Schneider-Electric products: A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attack techniques. | 7.5 |
2021-06-16 | CVE-2020-25754 | Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0: An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 7.5 |