Vulnerabilities > Use of Password Hash With Insufficient Computational Effort

DATE CVE VULNERABILITY TITLE RISK
2018-04-05 CVE-2018-9233 Use of Password Hash With Insufficient Computational Effort vulnerability in Sophos Endpoint Protection 10.7
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
local
low complexity
sophos CWE-916
7.8
2018-04-04 CVE-2018-1447 Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords.
network
high complexity
ibm CWE-916
8.1
2017-08-01 CVE-2017-11131 Use of Password Hash With Insufficient Computational Effort vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop.
network
high complexity
stashcat CWE-916
5.9
2008-03-26 CVE-2008-1526 Use of Password Hash With Insufficient Computational Effort vulnerability in Zyxel products
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
network
low complexity
zyxel CWE-916
7.5
2006-04-04 CVE-2006-1058 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
local
low complexity
busybox avaya CWE-916
5.5
2005-02-14 CVE-2005-0408 Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
network
low complexity
citrusdb CWE-916
critical
9.8
2002-12-31 CVE-2002-1657 Use of Password Hash With Insufficient Computational Effort vulnerability in Postgresql 7.3.19
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
network
low complexity
postgresql CWE-916
7.5
2001-08-31 CVE-2001-0967 Use of Password Hash With Insufficient Computational Effort vulnerability in Arkeia 4.2/4.2.82
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
network
low complexity
arkeia CWE-916
critical
9.8