CWE-916 · Use of Password Hash With Insufficient Computational Effort
58 CVEs classified under CWE-916 (Use of Password Hash With Insufficient Computational Effort). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-5743 | Critical | 9.8 | 2025-01-13 | An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This… |
CVE-2021-32519 | Critical | 9.8 | 2021-07-07 | Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-tex… |
CVE-2026-45787 | Critical | 9.1 | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, const… |
CVE-2023-46233 | Critical | 9.1 | 2023-10-25 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at… |
CVE-2023-46133 | Critical | 9.1 | 2023-10-25 | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally… |
CVE-2023-5846 | High | 8.3 | 2023-11-02 | Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to th… |
CVE-2021-32997 | High | 8.2 | 2022-05-25 | The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versi… |
CVE-2024-3183 | High | 8.1 | 2024-06-12 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session… |
CVE-2024-25607 | High | 8.1 | 2024-02-20 | The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before… |
CVE-2020-14512 | High | 8.1 | 2020-08-25 | GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. |
CVE-2025-2265 | High | 7.8 | 2025-03-13 | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite d… |
CVE-2020-12069 | High | 7.8 | 2022-12-26 | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords… |
CVE-2025-3937 | High | 7.7 | 2025-05-22 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Secur… |
CVE-2023-34433 | High | 7.5 | 2023-07-06 | PiiGAB M-Bus stores passwords using a weak hash algorithm. |
CVE-2023-27580 | High | 7.5 | 2023-03-13 | CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage… |
CVE-2022-1235 | High | 7.5 | 2022-04-05 | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
CVE-2021-43989 | High | 7.5 | 2021-12-23 | mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. |
CVE-2021-39182 | High | 7.5 | 2021-11-08 | EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who ar… |
CVE-2020-16231 | High | 7.2 | 2022-05-19 | The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers… |
CVE-2021-38400 | Medium | 6.9 | 2021-10-04 | An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the… |