CWE-916

Use of Password Hash With Insufficient Computational Effort

Parent: CWE-328 - Use of Weak Hash

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

110 vulnerabilities with CWE-916
CVE-2014-2560 HIGH
PhonerLite <2.15 - Info Disclosure
CVSS 7.5
CVE-2014-0083 MEDIUM
Ruby net-ldap <0.11 - Info Disclosure
CVSS 5.5
CVE-2014-2354
Cogent DataHub <7.3.5 - Info Disclosure
CVE-2010-2450 HIGH
Shibboleth Service Provider - Information Disclosure
CVSS 7.5
CVE-2009-5139 HIGH
Gizmo5 - Info Disclosure
CVSS 7.5
CVE-2008-1526 HIGH
ZyXEL Prestige - Password Cracking
CVSS 7.5
CVE-2006-1058 MEDIUM
BusyBox 1.1.1 - Info Disclosure
CVSS 5.5
CVE-2005-0408 CRITICAL
CitrusDB <0.3.6 - Auth Bypass
CVSS 9.8
CVE-2002-1657 HIGH
PostgreSQL - Info Disclosure
CVSS 7.5
CVE-2001-0967 CRITICAL
Knox Arkeia server <4.2 - Info Disclosure
CVSS 9.8
Details
Vulnerabilities 110
Links
MITRE CWE Entry Search this CWE With Exploits