Vulnerabilities > Use of Password Hash With Insufficient Computational Effort
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-05 | CVE-2018-15681 | Use of Password Hash With Insufficient Computational Effort vulnerability in Btiteam Xbtit 2.5.4 An issue was discovered in BTITeam XBTIT 2.5.4. | 5.0 |
| 2018-09-05 | CVE-2018-15680 | Use of Password Hash With Insufficient Computational Effort vulnerability in Btiteam Xbtit 2.5.4 An issue was discovered in BTITeam XBTIT 2.5.4. | 5.0 |
| 2018-08-01 | CVE-2018-10618 | Use of Password Hash With Insufficient Computational Effort vulnerability in Davolink Dvw-3200N Firmware Davolink DVW-3200N all version prior to Version 1.00.06. | 5.0 |
| 2018-06-12 | CVE-2017-3962 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mcafee Network Security Manager Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | 9.8 |
| 2018-04-05 | CVE-2018-9233 | Use of Password Hash With Insufficient Computational Effort vulnerability in Sophos Endpoint Protection 10.7 Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. | 2.1 |
| 2018-04-04 | CVE-2018-1447 | Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. | 5.0 |
| 2017-08-01 | CVE-2017-11131 | Use of Password Hash With Insufficient Computational Effort vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 4.3 |
| 2008-03-26 | CVE-2008-1526 | Use of Password Hash With Insufficient Computational Effort vulnerability in Zyxel products ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | 7.5 |
| 2006-04-04 | CVE-2006-1058 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | 5.5 |
| 2005-02-14 | CVE-2005-0408 | Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6 CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | 9.8 |