Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2021-26113 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiwan 4.2.4
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.
network
low complexity
fortinet CWE-916
5.0
2022-04-05 CVE-2022-1235 Use of Password Hash With Insufficient Computational Effort vulnerability in Livehelperchat Live Helper Chat
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
network
low complexity
livehelperchat CWE-916
6.4
2022-03-21 CVE-2022-23348 Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
network
low complexity
bigantsoft CWE-916
5.0
2022-03-09 CVE-2022-0022 Use of Password Hash With Insufficient Computational Effort vulnerability in Paloaltonetworks Pan-Os
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.
local
low complexity
paloaltonetworks CWE-916
4.6
2021-11-15 CVE-2021-38979 Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
network
low complexity
ibm CWE-916
5.0
2021-10-08 CVE-2021-36767 Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective.
network
low complexity
digi CWE-916
critical
9.8
2021-10-04 CVE-2021-38400 Use of Password Hash With Insufficient Computational Effort vulnerability in Bostonscientific Zoom Latitude Pogrammer/Recorder/Monitor 3120 Firmware
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
local
low complexity
bostonscientific CWE-916
4.6
2021-09-02 CVE-2021-38314 Use of Password Hash With Insufficient Computational Effort vulnerability in Redux Gutenberg Template Library & Redux Framework
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'.
network
low complexity
redux CWE-916
5.3
2021-08-06 CVE-2021-37551 Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
network
low complexity
jetbrains CWE-916
5.0
2021-08-04 CVE-2021-32596 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiportal
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
network
low complexity
fortinet CWE-916
5.0