CWE-328 · Use of Weak Hash

84 CVEs classified under CWE-328 (Use of Weak Hash). Browse by severity and year.

Top CVEs for CWE-328
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-36182 | Critical | 9.8 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and pr… |
| CVE-2020-37168 | Critical | 9.8 | 2026-05-13 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key… |
| CVE-2025-41652 | Critical | 9.8 | 2025-05-27 | The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakn… |
| CVE-2025-27595 | Critical | 9.8 | 2025-03-14 | The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the sec… |
| CVE-2022-45141 | Critical | 9.8 | 2023-03-06 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac i… |
| CVE-2023-0452 | Critical | 9.8 | 2023-01-26 | Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without au… |
| CVE-2004-2761 | Critical | 9.8 | 2009-01-05 | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated… |
| CVE-2023-46233 | Critical | 9.1 | 2023-10-25 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at… |
| CVE-2023-46133 | Critical | 9.1 | 2023-10-25 | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally… |
| CVE-2024-40465 | High | 8.8 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file. |
| CVE-2023-43635 | High | 8.8 | 2023-09-20 | Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update… |
| CVE-2023-43630 | High | 8.8 | 2023-09-20 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7f… |
| CVE-2024-48847 | High | 8.2 | 2024-12-05 | MD5 Checksum Bypass vulnerabilities were found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affect… |
| CVE-2026-40164 | High | 7.5 | 2026-04-14 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432… |
| CVE-2025-47276 | High | 7.5 | 2025-05-13 | Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actual… |
| CVE-2024-55885 | High | 7.5 | 2024-12-12 | beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer consid… |
| CVE-2024-8452 | High | 7.5 | 2024-09-30 | Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowi… |
| CVE-2022-29249 | High | 7.5 | 2022-05-24 | JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The is… |
| CVE-2021-39182 | High | 7.5 | 2021-11-08 | EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who ar… |
| CVE-2025-41256 | High | 7.4 | 2025-06-25 | Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored… |