Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2020-11-17 CVE-2020-14389 Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
network
low complexity
redhat CWE-916
8.1
2020-11-09 CVE-2020-27693 Use of Password Hash With Insufficient Computational Effort vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
local
low complexity
trendmicro CWE-916
2.1
2020-10-16 CVE-2019-12305 Use of Password Hash With Insufficient Computational Effort vulnerability in Actions-Micro Ezcast PRO II Firmware
In EZCast Pro II, the administrator password md5 hash is provided upon a web request.
low complexity
actions-micro CWE-916
3.3
2020-08-25 CVE-2020-14512 Use of Password Hash With Insufficient Computational Effort vulnerability in Secomea Gatemanager 8250 Firmware
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
network
low complexity
secomea CWE-916
5.0
2020-07-14 CVE-2020-10040 Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).
local
low complexity
siemens CWE-916
2.1
2020-06-19 CVE-2017-18917 Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
5.0
2020-06-15 CVE-2020-0533 Use of Password Hash With Insufficient Computational Effort vulnerability in Intel Converged Security Management Engine Firmware
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
local
low complexity
intel CWE-916
4.6
2020-03-24 CVE-2019-20575 Use of Password Hash With Insufficient Computational Effort vulnerability in Google Android 9.0
An issue was discovered on Samsung mobile devices with P(9.0) software.
low complexity
google CWE-916
4.8
2020-02-12 CVE-2014-2560 Use of Password Hash With Insufficient Computational Effort vulnerability in Phoner Phonerlite
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
network
phoner CWE-916
4.3
2020-02-12 CVE-2009-5139 Use of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
network
google CWE-916
4.3