Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-10040 Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).
local
low complexity
siemens CWE-916
5.5
2020-06-19 CVE-2017-18917 Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-916
7.5
2020-03-24 CVE-2019-20575 Use of Password Hash With Insufficient Computational Effort vulnerability in Google Android 9.0
An issue was discovered on Samsung mobile devices with P(9.0) software.
low complexity
google CWE-916
5.4
2020-02-12 CVE-2014-2560 Use of Password Hash With Insufficient Computational Effort vulnerability in Phoner Phonerlite
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
network
high complexity
phoner CWE-916
7.5
2020-02-12 CVE-2009-5139 Use of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
network
high complexity
google CWE-916
7.5
2019-12-30 CVE-2019-19735 Use of Password Hash With Insufficient Computational Effort vulnerability in Mfscripts Yetishare
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
network
low complexity
mfscripts CWE-916
critical
9.1
2019-12-30 CVE-2019-20138 Use of Password Hash With Insufficient Computational Effort vulnerability in Http Authentication Library Project Http Authentication Library
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.
7.5
2019-12-12 CVE-2019-19766 Use of Password Hash With Insufficient Computational Effort vulnerability in Bitwarden Server
The Bitwarden server through 1.32.0 has a potentially unwanted KDF.
network
low complexity
bitwarden CWE-916
7.5
2019-11-21 CVE-2014-0083 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
local
low complexity
net-ldap-project debian CWE-916
5.5
2019-11-07 CVE-2010-2450 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm.
network
low complexity
shibboleth debian CWE-916
7.5