| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2026-40522 | High | 7.1 v3 | 0.1% | - | -No fix available yet | 2026-06-29 | FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output. |
| CVE-2026-55069 | High | 8.7 v3 | 0.2% | - | Fix available | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computation speed to recover the administrator password offline. In Kubernetes deployments, a successful crack further enables reading of the cluster ServiceAccount Token and all K8s Secrets, achieving vertical privilege escalation. This vulnerability is fixed in 1.3.24. |
| CVE-2026-56272 | Medium | 4.1 v3 | 0.1% | - | -No fix available yet | 2026-06-24 | Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario. |
| CVE-2026-9641 | Medium | 5.3 v3 | 0.2% | - | Fix available | 2026-06-12 | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used. |
| CVE-2026-25861 | Medium | 5.9 v3 | 0.2% | - | -No fix available yet | 2026-06-02 | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which concatenates a static cookie key with the supplied password. Attackers can perform offline brute-force attacks against the MD5 hashes, with the risk compounded by auto-generated 8-character passwords assigned during guest-to-customer account conversion in classes/Customer.php, making credential recovery trivial. |
| CVE-2026-44611 | Medium | 5.4 v3 | 0.1% | - | Fix available | 2026-05-29 | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. |
| CVE-2026-45787 | Critical | 9.1 v3 | 0.1% | - | Fix available | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5. |
| CVE-2026-45027 | Medium | 5.9 v3 | 0.1% | - | -No fix available yet | 2026-05-27 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is a general-purpose cryptographic hash built for speed, not password storage. Without a salt, identical passwords produce identical digests, making the entire hash database vulnerable to a single precomputed rainbow table lookup. This vulnerability is fixed in 3.7.3. |
| CVE-2026-30789 | Critical | 9.8 v3 | 0.3% | - | -No fix available yet | 2026-03-05 | Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing. The authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (chall |
| CVE-2026-30785 | Medium | 5.5 v3 | 0.1% | - | -No fix available yet | 2026-03-05 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5. |
| CVE-2025-67168 | Medium | 5.3 v3 | 0.1% | - | -No fix available yet | 2025-12-17 | RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. |
| CVE-2025-13532 | Medium | 6.2 v3 | 0.1% | - | -No fix available yet | 2025-12-16 | Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. |
| CVE-2025-41692 | Medium | 6.8 v3 | 0.3% | - | Fix available | 2025-12-09 | A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm. |
| CVE-2025-46413 | Medium | 4.3 v3 | 0.1% | - | -No fix available yet | 2025-11-07 | Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker. |
| CVE-2025-7789 | Low | 3.7 v3 | 0.3% | - | -No fix available yet | 2025-07-18 | A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. |
| CVE-2025-3937 | High | 7.7 v3 | 0.3% | - | -No fix available yet | 2025-05-22 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. |
| CVE-2025-24340 | Medium | 6.5 v3 | 0.2% | - | -No fix available yet | 2025-04-30 | A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. |
| CVE-2025-27552 | Medium | 4.0 v3 | 0.1% | - | Fix available | 2025-03-26 | DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. |
| CVE-2025-27551 | Medium | 4.0 v3 | 0.1% | - | Fix available | 2025-03-26 | DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. |
| CVE-2025-26486 | Medium | 6.0 v3 | 0.1% | - | -No fix available yet | 2025-03-19 | Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234. |
| CVE-2025-2349 | Low | 3.1 v3 | 0.2% | - | -No fix available yet | 2025-03-16 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. |
| CVE-2025-2265 | High | 7.8 v3 | 0.1% | - | -No fix available yet | 2025-03-13 | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte |
| CVE-2023-33838 | Medium | 4.4 v3 | 0.2% | - | -No fix available yet | 2025-01-29 | IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. |
| CVE-2024-5743 | Critical | 9.8 v3 | 0.4% | - | -No fix available yet | 2025-01-13 | An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42. |
| CVE-2024-55057 | Medium | 5.4 v3 | 0.1% | - | -No fix available yet | 2024-12-17 | Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts. |
| CVE-2024-7701 | High | 7.5 v3 | 0.2% | - | Fix available | 2024-12-15 | Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0. |
| CVE-2024-23091 | High | 7.5 v3 | 0.4% | - | Fix available | 2024-07-30 | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. |
| CVE-2024-24553 | High | 7.5 v3 | 0.2% | - | -No fix available yet | 2024-06-24 | Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function. |
| CVE-2024-3183 | High | 8.1 v3 | 2.1% | - | Fix available | 2024-06-12 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). |
| CVE-2024-21754 | Low | 1.8 v3 | 3.5% | - | Fix available | 2024-06-11 | A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. |
| CVE-2024-31464 | Medium | 6.8 v3 | 0.4% | - | Fix available | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as a |
| CVE-2024-29886 | Medium | 5.3 v3 | 0.3% | - | Fix available | 2024-03-27 | Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6. |
| CVE-2024-2365 | Low | 1.6 v3 | 0.3% | - | -No fix available yet | 2024-03-11 | A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability. |
| CVE-2024-25607 | High | 8.1 v3 | 0.3% | - | Fix available | 2024-02-20 | The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes. |
| CVE-2022-3010 | High | 7.5 v3 | 0.5% | - | -No fix available yet | 2024-01-02 | The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite. |
| CVE-2023-5846 | High | 8.3 v3 | 0.3% | - | Fix available | 2023-11-02 | Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. |
| CVE-2023-46233 | Critical | 9.1 v3 | 0.6% | - | Fix available | 2023-10-25 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. |
| CVE-2023-46133 | Critical | 9.1 v3 | 0.4% | - | Fix available | 2023-10-25 | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations. |
| CVE-2022-47557 | Medium | 6.1 v3 | 0.1% | - | -No fix available yet | 2023-09-19 | Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions. |
| CVE-2023-4986 | Low | 2.5 v3 | 0.2% | - | -No fix available yet | 2023-09-15 | A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-41646 | Medium | 5.3 v3 | 0.4% | - | -No fix available yet | 2023-09-07 | Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/ |
| CVE-2023-31412 | High | 7.5 v3 | 0.3% | - | -No fix available yet | 2023-08-24 | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. |
| CVE-2023-34433 | High | 7.5 v3 | 0.3% | - | -No fix available yet | 2023-07-07 | PiiGAB M-Bus stores passwords using a weak hash algorithm. |
| CVE-2023-33243 | High | 8.1 v3 | 4.4% | - | -No fix available yet | 2023-06-15 | RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash. |
| CVE-2023-27580 | High | 7.5 v3 | 0.5% | - | -No fix available yet | 2023-03-13 | CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds. |
| CVE-2023-0567 | High | 7.7 v3 | 0.9% | - | Fix available | 2023-03-01 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. |
| CVE-2022-26115 | Medium | 5.9 v3 | 0.3% | - | -No fix available yet | 2023-02-16 | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. |
| CVE-2022-40258 | Medium | 5.3 v3 | 0.4% | - | Fix available | 2023-01-31 | AMI Megarac Weak password hashes for Redfish & API |
| CVE-2022-47732 | High | 7.5 v3 | 0.5% | - | -No fix available yet | 2023-01-20 | In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device. |
| CVE-2020-12069 | High | 7.8 v3 | 0.2% | - | Fix available | 2022-12-26 | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. |
- HighCVSS 7.1 v3·EPSS 0.1%·No fix yet
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.
Published 2026-06-29
- HighCVSS 8.7 v3·EPSS 0.2%·Fix available
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computation speed to recover the administrator password offline. In Kubernetes deployments, a successful crack further enables reading of the cluster ServiceAccount Token and all K8s Secrets, achieving vertical privilege escalation. This vulnerability is fixed in 1.3.24.
Published 2026-06-26
- MediumCVSS 4.1 v3·EPSS 0.1%·No fix yet
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario.
Published 2026-06-24
- MediumCVSS 5.3 v3·EPSS 0.2%·Fix available
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
Published 2026-06-12
- MediumCVSS 5.9 v3·EPSS 0.2%·No fix yet
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which concatenates a static cookie key with the supplied password. Attackers can perform offline brute-force attacks against the MD5 hashes, with the risk compounded by auto-generated 8-character passwords assigned during guest-to-customer account conversion in classes/Customer.php, making credential recovery trivial.
Published 2026-06-02
- MediumCVSS 5.4 v3·EPSS 0.1%·Fix available
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Published 2026-05-29
- CriticalCVSS 9.1 v3·EPSS 0.1%·Fix available
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.
Published 2026-05-28
- MediumCVSS 5.9 v3·EPSS 0.1%·No fix yet
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is a general-purpose cryptographic hash built for speed, not password storage. Without a salt, identical passwords produce identical digests, making the entire hash database vulnerable to a single precomputed rainbow table lookup. This vulnerability is fixed in 3.7.3.
Published 2026-05-27
- CriticalCVSS 9.8 v3·EPSS 0.3%·No fix yet
Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing. The authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (chall
Published 2026-03-05
- MediumCVSS 5.5 v3·EPSS 0.1%·No fix yet
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5.
Published 2026-03-05
- MediumCVSS 5.3 v3·EPSS 0.1%·No fix yet
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
Published 2025-12-17
- MediumCVSS 6.2 v3·EPSS 0.1%·No fix yet
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.
Published 2025-12-16
- MediumCVSS 6.8 v3·EPSS 0.3%·Fix available
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
Published 2025-12-09
- MediumCVSS 4.3 v3·EPSS 0.1%·No fix yet
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.
Published 2025-11-07
- CVSS 3.7 v3·EPSS 0.3%·No fix yet
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Published 2025-07-18
- HighCVSS 7.7 v3·EPSS 0.3%·No fix yet
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Published 2025-05-22
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
Published 2025-04-30
- MediumCVSS 4.0 v3·EPSS 0.1%·Fix available
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.
Published 2025-03-26
- MediumCVSS 4.0 v3·EPSS 0.1%·Fix available
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.
Published 2025-03-26
- MediumCVSS 6.0 v3·EPSS 0.1%·No fix yet
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.
Published 2025-03-19
- CVSS 3.1 v3·EPSS 0.2%·No fix yet
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Published 2025-03-16
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte
Published 2025-03-13
- MediumCVSS 4.4 v3·EPSS 0.2%·No fix yet
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
Published 2025-01-29
- CriticalCVSS 9.8 v3·EPSS 0.4%·No fix yet
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
Published 2025-01-13
- MediumCVSS 5.4 v3·EPSS 0.1%·No fix yet
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.
Published 2024-12-17
- HighCVSS 7.5 v3·EPSS 0.2%·Fix available
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.
Published 2024-12-15
- HighCVSS 7.5 v3·EPSS 0.4%·Fix available
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
Published 2024-07-30
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.
Published 2024-06-24
- HighCVSS 8.1 v3·EPSS 2.1%·Fix available
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
Published 2024-06-12
- CVSS 1.8 v3·EPSS 3.5%·Fix available
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.
Published 2024-06-11
- MediumCVSS 6.8 v3·EPSS 0.4%·Fix available
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as a
Published 2024-04-10
- MediumCVSS 5.3 v3·EPSS 0.3%·Fix available
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.
Published 2024-03-27
- CVSS 1.6 v3·EPSS 0.3%·No fix yet
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.
Published 2024-03-11
- HighCVSS 8.1 v3·EPSS 0.3%·Fix available
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
Published 2024-02-20
- HighCVSS 7.5 v3·EPSS 0.5%·No fix yet
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
Published 2024-01-02
- HighCVSS 8.3 v3·EPSS 0.3%·Fix available
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
Published 2023-11-02
- CriticalCVSS 9.1 v3·EPSS 0.6%·Fix available
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
Published 2023-10-25
- CriticalCVSS 9.1 v3·EPSS 0.4%·Fix available
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.
Published 2023-10-25
- MediumCVSS 6.1 v3·EPSS 0.1%·No fix yet
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.
Published 2023-09-19
- CVSS 2.5 v3·EPSS 0.2%·No fix yet
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2023-09-15
- MediumCVSS 5.3 v3·EPSS 0.4%·No fix yet
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
Published 2023-09-07
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
Published 2023-08-24
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
PiiGAB M-Bus stores passwords using a weak hash algorithm.
Published 2023-07-07
- HighCVSS 8.1 v3·EPSS 4.4%·No fix yet
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
Published 2023-06-15
- HighCVSS 7.5 v3·EPSS 0.5%·No fix yet
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds.
Published 2023-03-13
- HighCVSS 7.7 v3·EPSS 0.9%·Fix available
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
Published 2023-03-01
- MediumCVSS 5.9 v3·EPSS 0.3%·No fix yet
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
Published 2023-02-16
- MediumCVSS 5.3 v3·EPSS 0.4%·Fix available
AMI Megarac Weak password hashes for Redfish & API
Published 2023-01-31
- HighCVSS 7.5 v3·EPSS 0.5%·No fix yet
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
Published 2023-01-20
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Published 2022-12-26
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.