Vulnerabilities > Use of Password Hash With Insufficient Computational Effort
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-10040 | Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 5.5 |
2020-06-19 | CVE-2017-18917 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |
2020-03-24 | CVE-2019-20575 | Use of Password Hash With Insufficient Computational Effort vulnerability in Google Android 9.0 An issue was discovered on Samsung mobile devices with P(9.0) software. | 5.4 |
2020-02-12 | CVE-2014-2560 | Use of Password Hash With Insufficient Computational Effort vulnerability in Phoner Phonerlite The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 7.5 |
2020-02-12 | CVE-2009-5139 | Use of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5 The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 7.5 |
2019-12-30 | CVE-2019-19735 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mfscripts Yetishare class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing. | 9.1 |
2019-12-30 | CVE-2019-20138 | Use of Password Hash With Insufficient Computational Effort vulnerability in Http Authentication Library Project Http Authentication Library The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | 7.5 |
2019-12-12 | CVE-2019-19766 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bitwarden Server The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | 7.5 |
2019-11-21 | CVE-2014-0083 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | 5.5 |
2019-11-07 | CVE-2010-2450 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. | 7.5 |