Total: 97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24553 | 1 Bludit | 1 Bludit | 2026-01-02 | N/A | 7.5 HIGH |
| Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function. | |||||
| CVE-2025-41692 | 1 Phoenixcontact | 137 Fl Nat 2008, Fl Nat 2008 Firmware, Fl Nat 2208 and 134 more | 2025-12-19 | N/A | 6.8 MEDIUM |
| A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm. | |||||
| CVE-2025-67168 | 1 Ritecms | 1 Ritecms | 2025-12-18 | N/A | 5.3 MEDIUM |
| RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. | |||||
| CVE-2025-13532 | | | 2025-12-18 | N/A | 6.2 MEDIUM |
| Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. | |||||
| CVE-2025-46413 | | | 2025-11-12 | N/A | 4.3 MEDIUM |
| Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker. | |||||
| CVE-2025-2349 | 1 Iroadau | 2 Fx2, Fx2 Firmware | 2025-11-06 | 1.8 LOW | 3.1 LOW |
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2014-2354 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-10-03 | 6.0 MEDIUM | N/A |
| Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2025-7789 | 1 Xuxueli | 1 Xxl-job | 2025-09-11 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-27552 | | | 2025-09-05 | N/A | 4.0 MEDIUM |
| DBIx::Class::EncodedColumn uses the rand() function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. | |||||
| CVE-2025-27551 | | | 2025-09-05 | N/A | 4.0 MEDIUM |
| DBIx::Class::EncodedColumn uses the rand() function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. | |||||
| CVE-2024-7701 | 1 Percona | 1 Toolkit | 2025-08-05 | N/A | 7.5 HIGH |
| Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0. | |||||
| CVE-2025-26486 | | | 2025-07-02 | N/A | 6.0 MEDIUM |
| Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to brute-force user passwords or find a collision while ultimately attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234. | |||||
| CVE-2025-3937 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | N/A | 7.7 HIGH |
| Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | |||||
| CVE-2020-12069 | 4 Codesys, Festo, Pilz and 1 more | 114 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 111 more | 2025-05-05 | N/A | 7.8 HIGH |
| In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | |||||
| CVE-2025-24340 | | | 2025-05-02 | N/A | 6.5 MEDIUM |
| A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. | |||||
| CVE-2017-11131 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash. | |||||
| CVE-2008-1526 | 1 Zyxel | 38 P-660h-61, P-660h-61 Firmware, P-660h-63 and 35 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | |||||
| CVE-2022-47732 | 1 Yeastar | 4 N412, N412 Firmware, N824 and 1 more | 2025-04-03 | N/A | 7.5 HIGH |
| In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash. Once cracked, the hash allows login to the Configuration Panel; otherwise, the attacker can replace the hash in the archive and restore it on the device, which changes the admin password and grants access to the device. | |||||
| CVE-2002-1657 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2005-0408 | 1 Citrusdb | 1 Citrusdb | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | |||||
