CWE-916
AllowedUse of Password Hash With Insufficient Computational Effort
Abstraction: Base · Status: Incomplete
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
162 vulnerabilities reference this CWE, most recent first.
GHSA-87JJ-8V4Q-QF9F
Vulnerability from github – Published: 2022-04-03 00:00 – Updated: 2022-04-09 00:00Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
{
"affected": [],
"aliases": [
"CVE-2022-25157"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-01T23:15:00Z",
"severity": "CRITICAL"
},
"details": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.",
"id": "GHSA-87jj-8v4q-qf9f",
"modified": "2022-04-09T00:00:39Z",
"published": "2022-04-03T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25157"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8FF6-PC43-JWV3
Vulnerability from github – Published: 2025-08-28 13:33 – Updated: 2026-07-02 20:20Impact
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).
NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm to create the hash value for the following actions:
- Creating a user
- Updating a user’s password
- Creating an API key
Note: After upgrading to NeuVector 5.4.6, users must log in again so that NeuVector can regenerate the password hash. For API keys, you must send at least one request per API key to regenerate its hash value.
Patches
This issue is fixed in NeuVector version 5.4.6 and later.
Workarounds
There is no workaround. Upgrade to a patched version of NeuVector as soon as possible.
References
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the NeuVector repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/neuvector/neuvector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20250825191744-da1a462074c3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53884"
],
"database_specific": {
"cwe_ids": [
"CWE-759",
"CWE-916"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-28T13:33:14Z",
"nvd_published_at": "2025-09-17T13:15:33Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nNeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).\n\nNeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm to create the hash value for the following actions:\n\n- Creating a user\n- Updating a user\u2019s password\n- Creating an API key\n\n**Note:** After upgrading to NeuVector 5.4.6, users must log in again so that NeuVector can regenerate the password hash. For API keys, you must send at least one request per API key to regenerate its hash value.\n\n### Patches\n\nThis issue is fixed in NeuVector version **5.4.6** and later.\n\n### Workarounds\n\nThere is no workaround. Upgrade to a patched version of NeuVector as soon as possible.\n\n### References\n\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [NeuVector](https://github.com/neuvector/neuvector/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/#suse-security).",
"id": "GHSA-8ff6-pc43-jwv3",
"modified": "2026-07-02T20:20:12Z",
"published": "2025-08-28T13:33:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53884"
},
{
"type": "WEB",
"url": "https://github.com/neuvector/neuvector/pull/2084"
},
{
"type": "WEB",
"url": "https://github.com/neuvector/neuvector/pull/2085"
},
{
"type": "WEB",
"url": "https://github.com/neuvector/neuvector/commit/addc9308b3a6359c9789a62ac6e73594c9a544d0"
},
{
"type": "WEB",
"url": "https://github.com/neuvector/neuvector/commit/da1a462074c3d7d426dba0901840fd0e2146f63a"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884"
},
{
"type": "PACKAGE",
"url": "https://github.com/neuvector/neuvector"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "NeuVector has an insecure password storage and is vulnerable to rainbow attack"
}
GHSA-8G25-XMMM-86QM
Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-09-16 21:30A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
{
"affected": [],
"aliases": [
"CVE-2024-3183"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T09:15:18Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client\u2019s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user\u2019s password.\n\nIf a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal\u2019s password).",
"id": "GHSA-8g25-xmmm-86qm",
"modified": "2024-09-16T21:30:37Z",
"published": "2024-06-12T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3183"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3754"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3755"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3756"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3758"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3760"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3761"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3775"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-3183"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI"
},
{
"type": "WEB",
"url": "https://www.freeipa.org/release-notes/4-12-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8G98-M4J9-QWW5
Vulnerability from github – Published: 2025-06-18 17:51 – Updated: 2025-06-18 17:51Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5
Summary
A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of `taylored`. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this version. They could allow a malicious actor to read arbitrary files from the server, download paid patches without completing a valid purchase, and weaken the protection of encrypted patches.
All users who have installed or generated a `taysell-server` using version 7.0.7 of `taylored` are strongly advised to immediately upgrade to version 7.0.8 (or later) and follow the required mitigation steps outlined below. Versions prior to 7.0.7 did not include the Taysell functionality and are therefore not affected by these specific issues.
Vulnerabilities Patched in v7.0.8
Version 7.0.8 addresses the following issues found in the v7.0.7 template:
- Path Traversal in Patch Download: The patch download endpoint did not properly sanitize the user-provided `patchId`. An attacker could have crafted a request with path traversal sequences (e.g., `../../etc/passwd`) to read arbitrary files from the server's filesystem. The `patchId` is now sanitized to ensure only files within the intended patches directory can be accessed.
- Missing PayPal Webhook Validation: The server endpoint did not cryptographically verify incoming payment notifications, allowing an attacker to spoof a purchase and gain unauthorized access to patches.
- Purchase Token Replay Vulnerability: A legitimate purchase token could be reused indefinitely. The system now correctly invalidates tokens after their first use.
- Insufficient PBKDF2 Iterations: The key derivation function used an insufficient number of iterations, making encrypted patches more susceptible to brute-force attacks. This has been strengthened.
Required Actions
To fix these vulnerabilities, users of version 7.0.7 must upgrade the `taylored` tool and regenerate their `taysell-server` instance.
Please follow these steps carefully:
-
Upgrade to the Secure Version of `taylored`: Open your terminal and run the following command to install the latest version: ```bash npm install -g taylored@latest ``` Verify that you have version 7.0.8 or later.
-
Remove the Vulnerable Backend: Navigate to the project directory where you previously generated the backend with v7.0.7 and completely delete the old `taysell-server` directory. ```bash # Back up any customizations if necessary rm -rf taysell-server ```
-
Generate the New, Secure Backend: From the same directory, run the `setup-backend` command again using the upgraded `taylored` tool. This will create a new `taysell-server` directory with the patched, secure code. ```bash taylored setup-backend ``` Follow the prompts and enter your PayPal credentials and server configuration. Using a new, strong, and unique `PATCH_ENCRYPTION_KEY` is highly recommended.
-
Recreate and Re-upload Commercial Patches: Due to the cryptography improvements, patches created with version 7.0.7 are not compatible with the new, secure backend. You must recreate them:
- For each of your commercial patches, run the `taylored create-taysell` command again.
- Upload the new encrypted files (e.g., `patch-name.taylored.encrypted`) to the `patches/` directory of your new `taysell-server`.
-
Launch the New Server: Start your new backend using Docker Compose: ```bash cd taysell-server docker-compose up --build -d ```
For questions or support, please refer to the official documentation or open an issue on our GitHub repository.
Thank you for your attention to this important update.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "taylored"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.5"
},
{
"fixed": "7.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-294",
"CWE-345",
"CWE-916"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-18T17:51:03Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5\n\n#### Summary\n\nA series of moderate to high-severity security vulnerabilities have been identified specifically in version **7.0.7 of \\`taylored\\`**. These vulnerabilities reside in the \"Backend-in-a-Box\" template distributed with this version. They could allow a malicious actor to read arbitrary files from the server, download paid patches without completing a valid purchase, and weaken the protection of encrypted patches.\n\n**All users who have installed or generated a \\`taysell-server\\` using version 7.0.7 of \\`taylored\\` are strongly advised to immediately upgrade to version 7.0.8 (or later) and follow the required mitigation steps outlined below.** Versions prior to 7.0.7 did not include the Taysell functionality and are therefore not affected by these specific issues.\n\n#### Vulnerabilities Patched in v7.0.8\n\nVersion 7.0.8 addresses the following issues found in the v7.0.7 template:\n\n1. **Path Traversal in Patch Download:** The patch download endpoint did not properly sanitize the user-provided \\`patchId\\`. An attacker could have crafted a request with path traversal sequences (e.g., \\`../../etc/passwd\\`) to read arbitrary files from the server\u0027s filesystem. The \\`patchId\\` is now sanitized to ensure only files within the intended patches directory can be accessed.\n2. **Missing PayPal Webhook Validation:** The server endpoint did not cryptographically verify incoming payment notifications, allowing an attacker to spoof a purchase and gain unauthorized access to patches.\n3. **Purchase Token Replay Vulnerability:** A legitimate purchase token could be reused indefinitely. The system now correctly invalidates tokens after their first use.\n4. **Insufficient PBKDF2 Iterations:** The key derivation function used an insufficient number of iterations, making encrypted patches more susceptible to brute-force attacks. This has been strengthened.\n\n### Required Actions\n\nTo fix these vulnerabilities, users of version **7.0.7** must **upgrade the \\`taylored\\` tool and regenerate their \\`taysell-server\\` instance**.\n\nPlease follow these steps carefully:\n\n1. **Upgrade to the Secure Version of \\`taylored\\`:**\n Open your terminal and run the following command to install the latest version:\n \\`\\`\\`bash\n npm install -g taylored@latest\n \\`\\`\\`\n Verify that you have version 7.0.8 or later.\n\n2. **Remove the Vulnerable Backend:**\n Navigate to the project directory where you previously generated the backend with v7.0.7 and **completely delete the old \\`taysell-server\\` directory**.\n \\`\\`\\`bash\n # Back up any customizations if necessary\n rm -rf taysell-server\n \\`\\`\\`\n\n3. **Generate the New, Secure Backend:**\n From the same directory, run the \\`setup-backend\\` command again using the upgraded \\`taylored\\` tool. This will create a new \\`taysell-server\\` directory with the patched, secure code.\n \\`\\`\\`bash\n taylored setup-backend\n \\`\\`\\`\n Follow the prompts and enter your PayPal credentials and server configuration. **Using a new, strong, and unique \\`PATCH_ENCRYPTION_KEY\\` is highly recommended.**\n\n4. **Recreate and Re-upload Commercial Patches:**\n Due to the cryptography improvements, **patches created with version 7.0.7 are not compatible with the new, secure backend**. You must recreate them:\n * For each of your commercial patches, run the \\`taylored create-taysell\\` command again.\n * Upload the new encrypted files (e.g., \\`patch-name.taylored.encrypted\\`) to the \\`patches/\\` directory of your new \\`taysell-server\\`.\n\n5. **Launch the New Server:**\n Start your new backend using Docker Compose:\n \\`\\`\\`bash\n cd taysell-server\n docker-compose up --build -d\n \\`\\`\\`\n\nFor questions or support, please refer to the official documentation or open an issue on our GitHub repository.\n\nThank you for your attention to this important update.",
"id": "GHSA-8g98-m4j9-qww5",
"modified": "2025-06-18T17:51:03Z",
"published": "2025-06-18T17:51:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tailot/taylored/security/advisories/GHSA-8g98-m4j9-qww5"
},
{
"type": "WEB",
"url": "https://github.com/tailot/taylored/commit/57b7634391959dbbdb39b387ac4dc68157cd58a1"
},
{
"type": "PACKAGE",
"url": "https://github.com/tailot/taylored"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Taylored webhook validation vulnerabilities"
}
GHSA-8X5Q-733V-52JC
Vulnerability from github – Published: 2025-04-30 12:31 – Updated: 2025-04-30 12:31A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
{
"affected": [],
"aliases": [
"CVE-2025-24340"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T11:15:49Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.",
"id": "GHSA-8x5q-733v-52jc",
"modified": "2025-04-30T12:31:23Z",
"published": "2025-04-30T12:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24340"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-96WM-8V29-WG5G
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
{
"affected": [],
"aliases": [
"CVE-2020-14516"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-18T18:15:00Z",
"severity": "CRITICAL"
},
"details": "In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.",
"id": "GHSA-96wm-8v29-wg5g",
"modified": "2022-05-24T17:44:47Z",
"published": "2022-05-24T17:44:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14516"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-054-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9HXH-5WX3-5H84
Vulnerability from github – Published: 2023-07-07 00:30 – Updated: 2024-04-04 05:50PiiGAB M-Bus stores passwords using a weak hash algorithm.
{
"affected": [],
"aliases": [
"CVE-2023-34433"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-07T00:15:09Z",
"severity": "CRITICAL"
},
"details": "\n\n\n\n\n\n\n\n\n\n\n\n\nPiiGAB M-Bus stores passwords using a weak hash algorithm.\n\n",
"id": "GHSA-9hxh-5wx3-5h84",
"modified": "2024-04-04T05:50:13Z",
"published": "2023-07-07T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34433"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9MGJ-2PHG-CC26
Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-20 00:00A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.
{
"affected": [],
"aliases": [
"CVE-2022-24041"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-10T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.",
"id": "GHSA-9mgj-2phg-cc26",
"modified": "2022-05-20T00:00:37Z",
"published": "2022-05-11T00:01:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24041"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9PMH-R27R-8VX3
Vulnerability from github – Published: 2023-08-24 21:30 – Updated: 2024-04-04 07:11The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
{
"affected": [],
"aliases": [
"CVE-2023-31412"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-24T19:15:33Z",
"severity": "HIGH"
},
"details": "The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.",
"id": "GHSA-9pmh-r27r-8vx3",
"modified": "2024-04-04T07:11:33Z",
"published": "2023-08-24T21:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31412"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9QF7-Q6GX-Q652
Vulnerability from github – Published: 2026-03-05 18:31 – Updated: 2026-03-25 18:31Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.
This issue affects RustDesk Client: through 1.4.5.
{
"affected": [],
"aliases": [
"CVE-2026-30789"
],
"database_specific": {
"cwe_ids": [
"CWE-294",
"CWE-307",
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-05T16:16:19Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.\n\nThis issue affects RustDesk Client: through 1.4.5.",
"id": "GHSA-9qf7-q6gx-q652",
"modified": "2026-03-25T18:31:36Z",
"published": "2026-03-05T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30789"
},
{
"type": "WEB",
"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
},
{
"type": "WEB",
"url": "https://rustdesk.com/docs/en/client"
},
{
"type": "WEB",
"url": "https://www.vulsec.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-51
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation MIT-25
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.