CWE-328 · Use of Weak Hash
84 CVEs classified under CWE-328 (Use of Weak Hash). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-36182 | Critical | 9.8 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and pr… |
| CVE-2020-37168 | Critical | 9.8 | 2026-05-13 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key… |
| CVE-2025-41652 | Critical | 9.8 | 2025-05-27 | The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakn… |
| CVE-2025-27595 | Critical | 9.8 | 2025-03-14 | The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the sec… |
| CVE-2022-45141 | Critical | 9.8 | 2023-03-06 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac i… |
| CVE-2023-0452 | Critical | 9.8 | 2023-01-26 | Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without au… |
| CVE-2004-2761 | Critical | 9.8 | 2009-01-05 | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated… |
| CVE-2023-46233 | Critical | 9.1 | 2023-10-25 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at… |
| CVE-2023-46133 | Critical | 9.1 | 2023-10-25 | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally… |
| CVE-2024-40465 | High | 8.8 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file |
| CVE-2023-43635 | High | 8.8 | 2023-09-20 | Vault Key Sealed With SHA1 PCRs. The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update… |
| CVE-2023-43630 | High | 8.8 | 2023-09-20 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7f… |
| CVE-2024-48847 | High | 8.2 | 2024-12-05 | MD5 Checksum Bypass vulnerabilities were found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affect… |
| CVE-2026-40164 | High | 7.5 | 2026-04-14 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432… |
| CVE-2025-47276 | High | 7.5 | 2025-05-13 | Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actual… |
| CVE-2024-55885 | High | 7.5 | 2024-12-12 | beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer consid… |
| CVE-2024-8452 | High | 7.5 | 2024-09-30 | Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowi… |
| CVE-2022-29249 | High | 7.5 | 2022-05-24 | JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The is… |
| CVE-2021-39182 | High | 7.5 | 2021-11-08 | EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who ar… |
| CVE-2025-41256 | High | 7.4 | 2025-06-25 | Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored… |