CWE-916
Use of Password Hash With Insufficient Computational Effort
Parent: CWE-328 - Use of Weak Hash
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
115 vulnerabilities with CWE-916
CVE-2018-9233
HIGH
Sophos Endpoint Protection 10.7 - Info Disclosure
CVSS 7.8
CVE-2018-1447
MEDIUM
IBM Spectrum Protect <7.2 - Password Weakness
CVSS 5.1
CVE-2017-18917
HIGH
Mattermost Server <3.8.2-3.6.7 - Info Disclosure
CVSS 7.5
CVE-2017-3962
MEDIUM
McAfee NSM <8.2.7.42.2 - Info Disclosure
CVSS 5.6
CVE-2017-11131
MEDIUM
heinekingmedia StashCat - Info Disclosure
CVSS 5.9
CVE-2014-2560
HIGH
PhonerLite < 2.15 - Password Hash Disclosure via SIP Digest Leak
CVSS 7.5
CVE-2014-0083
MEDIUM
Ruby net-ldap <0.11 - Info Disclosure
CVSS 5.5
CVE-2014-2354
Cogent DataHub <7.3.5 - Info Disclosure
CVE-2010-2450
HIGH
Shibboleth Service Provider - Exposure of Sensitive Information via Insecure Key File Permissions
CVSS 7.5
CVE-2009-5139
HIGH
Gizmo5 - Password Hash Brute-Force via SIP Digest Leak
CVSS 7.5
CVE-2008-1526
HIGH
ZyXEL Prestige P-660/P-661/P-662 Firmware 3.40 - Weak Password Hash Computational Effort
CVSS 7.5
CVE-2006-1058
MEDIUM
BusyBox 1.1.1 - Use of Password Hash With Insufficient Computational Effort
CVSS 5.5
CVE-2005-0408
CRITICAL
citrusdb <= 0.3.6 - Unauthenticated Authentication Bypass via Predictable MD5 Hash
CVSS 9.8
CVE-2002-1657
HIGH
PostgreSQL - Weak Password Hashing via Username Salt
CVSS 7.5
CVE-2001-0967
CRITICAL
Knox Arkeia server <4.2 - Info Disclosure
CVSS 9.8