Common Weakness Enumeration

CWE-916

Allowed

Use of Password Hash With Insufficient Computational Effort

Abstraction: Base · Status: Incomplete

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

162 vulnerabilities reference this CWE, most recent first.

GHSA-35QW-39FH-853X

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-30T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.",
  "id": "GHSA-35qw-39fh-853x",
  "modified": "2022-05-24T19:12:28Z",
  "published": "2022-05-24T19:12:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33003"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3MM6-HC5R-P5RX

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05
VLAI
Details

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-18T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).",
  "id": "GHSA-3mm6-hc5r-p5rx",
  "modified": "2022-05-13T01:05:22Z",
  "published": "2022-05-13T01:05:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3907"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2019-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3P7G-WRGG-WQ45

Vulnerability from github – Published: 2022-11-10 21:35 – Updated: 2022-11-10 21:35
VLAI
Summary
GraphQL queries can expose password hashes
Details

Impact

Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.

Patches

Affected versions: Ibexa DXP v3.3.*, v4.2.*, eZ Platform v2.5.* Resolving versions: Ibexa DXP v3.3.28, v4.2.3, eZ Platform v2.5.31

Workarounds

Remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer.

References

This issue was reported to us by Philippe Tranca ("trancap") of the company Lexfo. We are very grateful for their research, and responsible disclosure to us of this critical vulnerability.

For more information

If you have any questions or comments about this advisory, please contact Support via your service portal.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ibexa/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ibexa/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "4.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ibexa/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-10T21:35:49Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\nUnauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.\n\n### Patches\nAffected versions: Ibexa DXP v3.3.\\*, v4.2.\\*, eZ Platform v2.5.\\*\nResolving versions: Ibexa DXP v3.3.28, v4.2.3, eZ Platform v2.5.31\n\n### Workarounds\nRemove the \"passwordHash\" entry from \"src/bundle/Resources/config/graphql/User.types.yaml\" in the GraphQL package, and other properties like hash type, email, login if you prefer.\n\n### References\n\nThis issue was reported to us by Philippe Tranca (\"trancap\") of the company Lexfo. We are very grateful for their research, and responsible disclosure to us of this critical vulnerability. \n\n### For more information\nIf you have any questions or comments about this advisory, please contact Support via your service portal.",
  "id": "GHSA-3p7g-wrgg-wq45",
  "modified": "2022-11-10T21:35:49Z",
  "published": "2022-11-10T21:35:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ibexa/graphql/security/advisories/GHSA-3p7g-wrgg-wq45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ibexa/graphql/commit/5ae5fb4d1d292ddde8528e040ef8a7c8dd7f9c6d"
    },
    {
      "type": "WEB",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ibexa/graphql"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "GraphQL queries can expose password hashes"
}

GHSA-43GR-9JJM-9RF2

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16
VLAI
Details

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-04T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.",
  "id": "GHSA-43gr-9jjm-9rf2",
  "modified": "2022-05-24T19:16:25Z",
  "published": "2022-05-24T19:16:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38400"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-43H9-P3J4-39HM

Vulnerability from github – Published: 2024-02-20 12:31 – Updated: 2024-12-11 22:02
VLAI
Summary
Liferay Portal defaults to a low work factor for the default password hashing algorithm
Details

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.3.10.u4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.2.10.fp17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.4.0"
            },
            {
              "fixed": "7.4.13.u16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.portal.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.3.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:com.liferay.portal.kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "38.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-25607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-11T22:02:12Z",
    "nvd_published_at": "2024-02-20T10:15:08Z",
    "severity": "HIGH"
  },
  "details": "The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.",
  "id": "GHSA-43h9-p3j4-39hm",
  "modified": "2024-12-11T22:02:12Z",
  "published": "2024-02-20T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25607"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/liferay/liferay-portal"
    },
    {
      "type": "WEB",
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Liferay Portal defaults to a low work factor for the default password hashing algorithm"
}

GHSA-4877-H7J8-9393

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-15T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.",
  "id": "GHSA-4877-h7j8-9393",
  "modified": "2022-05-13T01:04:51Z",
  "published": "2022-05-13T01:04:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0030"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10918"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q2W-436R-JX75

Vulnerability from github – Published: 2022-03-10 00:00 – Updated: 2022-03-17 00:02
VLAI
Details

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.

An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration.

Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes.

This issue does not impact Prisma Access firewalls.

This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-09T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode.\n\nAn attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration.\n\nFixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes.\n\nThis issue does not impact Prisma Access firewalls.\n\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.21;\nAll versions of PAN-OS 9.0;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7.",
  "id": "GHSA-4q2w-436r-jx75",
  "modified": "2022-03-17T00:02:10Z",
  "published": "2022-03-10T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0022"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4QQF-XJMF-3H2V

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.",
  "id": "GHSA-4qqf-xjmf-3h2v",
  "modified": "2022-05-24T19:07:02Z",
  "published": "2022-05-24T19:07:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32519"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4875-692f0-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-54QX-8P8W-XHG8

Vulnerability from github – Published: 2022-09-16 21:05 – Updated: 2022-09-16 21:05
VLAI
Summary
SFTPGo vulnerable to recovery codes abuse
Details

Impact

SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a seconday authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP.

In SFTPGo versions from v2.2.0 to v2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time.

Patches

Fixed in v2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.

Workarounds

Regenerate recovery codes after enabling two-factor authentication.

References

https://github.com/drakkan/sftpgo/issues/965

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/drakkan/sftpgo/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T21:05:28Z",
    "nvd_published_at": "2022-09-02T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nSFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a seconday authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP.\n\nIn SFTPGo versions from v2.2.0 to v2.3.3 recovery codes can be generated before enabling two-factor authentication.\nAn attacker who knows the user\u0027s password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time.\n\n### Patches\n\nFixed in v2.3.4.\nRecovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.\n\n### Workarounds\n\nRegenerate recovery codes after enabling two-factor authentication.\n\n### References\n\nhttps://github.com/drakkan/sftpgo/issues/965\n",
  "id": "GHSA-54qx-8p8w-xhg8",
  "modified": "2022-09-16T21:05:28Z",
  "published": "2022-09-16T21:05:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/drakkan/sftpgo/security/advisories/GHSA-54qx-8p8w-xhg8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36071"
    },
    {
      "type": "WEB",
      "url": "https://github.com/drakkan/sftpgo/issues/965"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drakkan/sftpgo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SFTPGo vulnerable to recovery codes abuse"
}

GHSA-5639-PW35-5QQW

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI
Details

Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.",
  "id": "GHSA-5639-pw35-5qqw",
  "modified": "2022-05-24T17:20:26Z",
  "published": "2022-05-24T17:20:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0533"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200611-0006"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/de/en/product_security/len-30041"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-51
Architecture and Design
  • Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
  • Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
  • Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation MIT-25
Implementation Architecture and Design

When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.

CAPEC-55: Rainbow Table Password Cracking

An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.