CWE-916— Use of Password Hash With Insufficient Computational Effort
114 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-916page 3 of 3
- CVE-2025-2349LOWCVSS 3.1EG 3.12025-03-16
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulatio…
- CVE-2025-24340MEDIUMCVSS 6.5EG 6.52025-04-30
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
- CVE-2025-26486MEDIUMCVSS 6.0EG 6.02025-03-19
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacke…
- CVE-2025-27551MEDIUMCVSS 4.0EG 4.02025-03-26
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class…
- CVE-2025-27552MEDIUMCVSS 4.0EG 4.02025-03-26
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedCo…
- CVE-2025-3937HIGHCVSS 7.7EG 7.72025-05-22
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Fram…
- CVE-2025-41692MEDIUMCVSS 6.8EG 6.82025-12-09
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
- CVE-2025-46413MEDIUMCVSS 4.3EG 4.32025-11-07
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.
- CVE-2025-67168MEDIUMCVSS 5.3EG 5.32025-12-17
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
- CVE-2025-7789LOWCVSS 3.7EG 3.72025-07-18
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Gen…
- CVE-2026-25861MEDIUMCVSS 5.9EG 5.92026-06-02
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function w…
- CVE-2026-44611MEDIUMCVSS 5.4EG 5.42026-05-29
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
- CVE-2026-45027MEDIUMCVSS 5.9EG 5.92026-05-27
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the…
- CVE-2026-45787CRITICALCVSS 9.1EG 6.02026-05-28
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for syn…
Map vulnerabilities like CWE-916 to your infrastructure
EchelonGraph correlates every CVE — across CWE-916 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →