Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-916

CWE-916

Use of Password Hash With Insufficient Computational Effort

Parent: CWE-328 - Use of Weak Hash

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

115 vulnerabilities with CWE-916

CVE-2026-9641 MEDIUM

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

CVE-2026-25861 MEDIUM

QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

CVE-2026-44611 MEDIUM

MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

CVE-2026-45787 CRITICAL

electerm's encrypt method not safe enough

CVE-2026-45027 MEDIUM

WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

CVE-2026-30790 CRITICAL

RustDesk Server Pro/OSS - Auth Bypass

CVE-2026-30789 CRITICAL

RustDesk Client <1.4.5 - Auth Bypass

CVE-2026-30785 MEDIUM

rustdesk < 1.4.5 - Prototype Pollution and Insufficient Password Hash Effort

CVE-2025-67168 MEDIUM

RiteCMS 3.1.0 - Use of Password Hash With Insufficient Computational Effort

CVE-2025-13532 MEDIUM

Fortra's Core Privileged Access Manager - Info Disclosure

CVE-2025-41692 MEDIUM

Phoenixcontact FL NAT/SWITCH Firmware <= 3.50 - Weak Password Generation

CVE-2025-46413 MEDIUM

BUFFALO WSR-1800AX4 - Info Disclosure

CVE-2025-7789 LOW

Xuxueli xxl-job <3.1.1 - Password Hashing

CVE-2025-3937 HIGH

Tridium Niagara <4.14.2-4.15.1-4.10.11 - Cryptanalysis

CVE-2025-24340 MEDIUM

Bosch Rexroth ctrlX OS 1.12.0-1.12.8, 1.20.0-1.20.6, 2.6.0-2.6.7 Authenticated Password Recovery via Weak Hash

CVE-2025-27552 MEDIUM

DBIx::Class::EncodedColumn <0.00032 - Info Disclosure

CVE-2025-27551 MEDIUM

DBIx::Class::EncodedColumn <0.00032 - Info Disclosure

CVE-2025-26486 MEDIUM

Beta80 Life 1st Identity Mgr <1.5.2.142 - Info Disclosure

CVE-2025-2349 LOW

IROAD Dash Cam FX2 <20250308 - Info Disclosure

CVE-2025-2265 HIGH

Sante PACS Server.exe - Info Disclosure

CVE-2024-5743 CRITICAL

Eve Play <= 1.1.42 - Remote Code Execution via Weak Password Hash

CVE-2024-55057 MEDIUM

Phpgurukul Online Birth Certificate System 1.0 - Info Disclosure

CVE-2024-7701 HIGH

Percona Toolkit <3.6.0 - Info Disclosure

CVE-2024-23091 HIGH

HotelDruid < 1.3.2 - Weak Password Hashing via MD5 in funzioni.php

CVE-2024-24553 HIGH

Bludit 3.14.0-3.14.9 - Weak Password Hashing via SHA-1 and Insecure Salt Generation

Page 1 of 5 Next

Details

Vulnerabilities 115

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy