CWE-916
AllowedUse of Password Hash With Insufficient Computational Effort
Abstraction: Base · Status: Incomplete
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
162 vulnerabilities reference this CWE, most recent first.
GHSA-WCJ6-5X6P-2Q4P
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2024-07-30 03:30An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
{
"affected": [],
"aliases": [
"CVE-2019-20466"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the \"default\" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.",
"id": "GHSA-wcj6-5x6p-2q4p",
"modified": "2024-07-30T03:30:50Z",
"published": "2022-05-24T17:46:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20466"
},
{
"type": "WEB",
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WQ69-VPQ9-X8VQ
Vulnerability from github – Published: 2022-04-07 00:00 – Updated: 2022-04-14 00:00A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.
{
"affected": [],
"aliases": [
"CVE-2021-26113"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-06T16:15:00Z",
"severity": "HIGH"
},
"details": "A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.",
"id": "GHSA-wq69-vpq9-x8vq",
"modified": "2022-04-14T00:00:29Z",
"published": "2022-04-07T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26113"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-21-064"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRQP-7JWM-PJQG
Vulnerability from github – Published: 2022-04-03 00:00 – Updated: 2022-04-09 00:00Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.
{
"affected": [],
"aliases": [
"CVE-2022-25156"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-01T23:15:00Z",
"severity": "HIGH"
},
"details": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.",
"id": "GHSA-wrqp-7jwm-pjqg",
"modified": "2022-04-09T00:00:40Z",
"published": "2022-04-03T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25156"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU96577897/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WV62-MC54-722C
Vulnerability from github – Published: 2024-12-17 21:30 – Updated: 2024-12-18 00:31Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.
{
"affected": [],
"aliases": [
"CVE-2024-55057"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-17T21:15:08Z",
"severity": "MODERATE"
},
"details": "Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.",
"id": "GHSA-wv62-mc54-722c",
"modified": "2024-12-18T00:31:23Z",
"published": "2024-12-17T21:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55057"
},
{
"type": "WEB",
"url": "https://github.com/SCR-athif/CVE/tree/main/CVE-2024-55057"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X2G5-FVC2-GQVP
Vulnerability from github – Published: 2026-03-05 21:54 – Updated: 2026-06-24 13:06Description
The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security.
Affected Code
export function getHash(value: string) {
const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || '5'))
return bcrypt.hashSync(value, salt)
}
Evidence
Using 5 salt rounds provides 2^5 = 32 iterations, which is far below the OWASP recommendation of 10 (2^10 = 1024 iterations) for bcrypt. This makes password hashes vulnerable to brute-force attacks with modern hardware.
Impact
Faster password cracking - in the event of database compromise, attackers can crack password hashes significantly faster than with proper salt rounds, potentially compromising all user accounts.
Recommendation
Increase default PASSWORD_SALT_HASH_ROUNDS to at least 10 (recommended by OWASP). Consider using 12 for better security-performance balance. Document that higher values increase login time but improve security.
Notes
The default bcrypt salt rounds is 5 (line 6), which provides only 2^5=32 iterations. OWASP recommends minimum 10 rounds (1024 iterations) for bcrypt. While configurable via PASSWORD_SALT_HASH_ROUNDS env var, the default matters because: (1) most deployments use defaults, (2) existing password hashes at 5 rounds remain vulnerable even if later increased. With modern GPUs, 5 rounds allows ~300,000 hashes/second vs ~10,000/second at 10 rounds - a 30x difference in cracking speed. In a database breach scenario, all user passwords could be cracked significantly faster. The same weak default is used in resetPassword (account.service.ts:568). This is a cryptographic weakness with real-world impact on password security.
Detection Method: Kolega.dev Deep Code Scan
| Attribute | Value |
|---|---|
| Severity | Medium |
| CWE | CWE-916 (Use of Password Hash With Insufficient Computational Effort) |
| Location | packages/server/src/enterprise/utils/encryption.util.ts:5-7 |
| Practical Exploitability | Medium |
| Developer Approver | faizan@kolega.ai |
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.12"
},
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-56272"
],
"database_specific": {
"cwe_ids": [
"CWE-328",
"CWE-916"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T21:54:31Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Description\nThe default bcrypt salt rounds is set to 5, which is below the recommended minimum for security.\n\n### Affected Code\n```\nexport function getHash(value: string) {\n const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || \u00275\u0027))\n return bcrypt.hashSync(value, salt)\n}\n```\n\n### Evidence\nUsing 5 salt rounds provides 2^5 = 32 iterations, which is far below the OWASP recommendation of 10 (2^10 = 1024 iterations) for bcrypt. This makes password hashes vulnerable to brute-force attacks with modern hardware.\n\n### Impact\nFaster password cracking - in the event of database compromise, attackers can crack password hashes significantly faster than with proper salt rounds, potentially compromising all user accounts.\n\n### Recommendation\nIncrease default PASSWORD_SALT_HASH_ROUNDS to at least 10 (recommended by OWASP). Consider using 12 for better security-performance balance. Document that higher values increase login time but improve security.\n\n### Notes\nThe default bcrypt salt rounds is 5 (line 6), which provides only 2^5=32 iterations. OWASP recommends minimum 10 rounds (1024 iterations) for bcrypt. While configurable via PASSWORD_SALT_HASH_ROUNDS env var, the default matters because: (1) most deployments use defaults, (2) existing password hashes at 5 rounds remain vulnerable even if later increased. With modern GPUs, 5 rounds allows ~300,000 hashes/second vs ~10,000/second at 10 rounds - a 30x difference in cracking speed. In a database breach scenario, all user passwords could be cracked significantly faster. The same weak default is used in resetPassword (account.service.ts:568). This is a cryptographic weakness with real-world impact on password security.\n\n**Detection Method:** Kolega.dev Deep Code Scan\n\n| Attribute | Value |\n|---|---|\n| Severity | Medium |\n| CWE | CWE-916 (Use of Password Hash With Insufficient Computational Effort) |\n| Location | packages/server/src/enterprise/utils/encryption.util.ts:5-7 |\n| Practical Exploitability | Medium |\n| Developer Approver | faizan@kolega.ai |",
"id": "GHSA-x2g5-fvc2-gqvp",
"modified": "2026-06-24T13:06:50Z",
"published": "2026-03-05T21:54:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/pull/5665"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Flowise has Insufficient Password Salt Rounds"
}
GHSA-X56C-3WF3-RM6R
Vulnerability from github – Published: 2022-04-30 18:17 – Updated: 2024-02-14 18:30Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
{
"affected": [],
"aliases": [
"CVE-2001-0967"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-08-31T04:00:00Z",
"severity": "HIGH"
},
"details": "Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.",
"id": "GHSA-x56c-3wf3-rm6r",
"modified": "2024-02-14T18:30:21Z",
"published": "2022-04-30T18:17:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0967"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3204"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X5GW-MQGF-FWH3
Vulnerability from github – Published: 2024-01-02 21:30 – Updated: 2024-01-09 18:30The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
{
"affected": [],
"aliases": [
"CVE-2022-3010"
],
"database_specific": {
"cwe_ids": [
"CWE-1391",
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T19:15:09Z",
"severity": "HIGH"
},
"details": "The Priva TopControl Suite contains\u00a0predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.",
"id": "GHSA-x5gw-mqgf-fwh3",
"modified": "2024-01-09T18:30:26Z",
"published": "2024-01-02T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3010"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2022-3010"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2022-00035"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X5M5-RJJ5-W94H
Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-15 00:00The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
{
"affected": [],
"aliases": [
"CVE-2021-32997"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-25T14:15:00Z",
"severity": "HIGH"
},
"details": "The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx \u0026 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.",
"id": "GHSA-x5m5-rjj5-w94h",
"modified": "2022-06-15T00:00:24Z",
"published": "2022-05-26T00:01:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32997"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X9XM-PQF5-5G9W
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used).
{
"affected": [],
"aliases": [
"CVE-2019-20062"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-10T13:15:00Z",
"severity": "MODERATE"
},
"details": "MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used).",
"id": "GHSA-x9xm-pqf5-5g9w",
"modified": "2022-05-24T17:08:21Z",
"published": "2022-05-24T17:08:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20062"
},
{
"type": "WEB",
"url": "https://medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad"
},
{
"type": "WEB",
"url": "https://mfscripts.com"
},
{
"type": "WEB",
"url": "https://yetishare.com"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XCXP-3WHG-H83C
Vulnerability from github – Published: 2026-06-03 00:30 – Updated: 2026-06-03 00:30QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which concatenates a static cookie key with the supplied password. Attackers can perform offline brute-force attacks against the MD5 hashes, with the risk compounded by auto-generated 8-character passwords assigned during guest-to-customer account conversion in classes/Customer.php, making credential recovery trivial.
{
"affected": [],
"aliases": [
"CVE-2026-25861"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T23:16:35Z",
"severity": "HIGH"
},
"details": "QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which concatenates a static cookie key with the supplied password. Attackers can perform offline brute-force attacks against the MD5 hashes, with the risk compounded by auto-generated 8-character passwords assigned during guest-to-customer account conversion in classes/Customer.php, making credential recovery trivial.",
"id": "GHSA-xcxp-3whg-h83c",
"modified": "2026-06-03T00:30:26Z",
"published": "2026-06-03T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25861"
},
{
"type": "WEB",
"url": "https://github.com/Qloapps/QloApps/pull/1689"
},
{
"type": "WEB",
"url": "https://github.com/Qloapps/QloApps/commit/64e9722e7e6a8fda77dd53964d988fb6b5c3d174"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/qloapps-weak-password-hashing-via-md5-in-tools-php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-51
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation MIT-25
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.