CWE-916
AllowedUse of Password Hash With Insufficient Computational Effort
Abstraction: Base · Status: Incomplete
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
162 vulnerabilities reference this CWE, most recent first.
GHSA-5Q5J-X9P3-CG4X
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
{
"affected": [],
"aliases": [
"CVE-2025-41692"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:17:48Z",
"severity": "MODERATE"
},
"details": "A high privileged remote attacker with admin privileges for the webUI can brute-force the \"root\" and \"user\" passwords of the underlying OS due to a weak password generation algorithm.",
"id": "GHSA-5q5j-x9p3-cg4x",
"modified": "2025-12-09T18:30:36Z",
"published": "2025-12-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41692"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-071"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5XC5-CRM5-W93R
Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2023-07-21 18:30mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.
{
"affected": [],
"aliases": [
"CVE-2021-43989"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-23T20:15:00Z",
"severity": "HIGH"
},
"details": "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.",
"id": "GHSA-5xc5-crm5-w93r",
"modified": "2023-07-21T18:30:32Z",
"published": "2021-12-24T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43989"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-66RQ-9HRQ-6RW4
Vulnerability from github – Published: 2022-05-01 23:41 – Updated: 2024-02-14 18:30ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
{
"affected": [],
"aliases": [
"CVE-2008-1526"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-03-26T10:44:00Z",
"severity": "MODERATE"
},
"details": "ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.",
"id": "GHSA-66rq-9hrq-6rw4",
"modified": "2024-02-14T18:30:23Z",
"published": "2022-05-01T23:41:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1526"
},
{
"type": "WEB",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge"
},
{
"type": "WEB",
"url": "http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69X8-HRGQ-FJJ8
Vulnerability from github – Published: 2026-04-08 00:04 – Updated: 2026-04-08 00:04Impact
Three issues combine into a full authentication bypass chain:
- Weak hashing: User passwords are stored as unsalted SHA-256 hashes, making them vulnerable to rainbow table attacks and trivially identifying users with identical passwords.
- Hash exposure: Multiple API endpoints (/user/info, /user/update, /spend/users) return the password hash field in responses to any authenticated user regardless of role. Plaintext passwords could also potentially be exposed in certain scenarios.
- Pass-the-hash: The /v2/login endpoint accepts the raw SHA-256 hash as a valid password without re-hashing, allowing direct login with a stolen
An already authenticated user can retrieve another user's password hash from the API and use it to log in as that user. This enables full privilege escalation in three HTTP requests.
Patches
Fixed in v1.83.0. Passwords are now hashed with scrypt (random 16-byte salt, n=16384, r=8, p=1). Password hashes are stripped from all API responses. Existing SHA-256 hashes are transparently migrated on next login.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "litellm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.83.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-327",
"CWE-916"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-08T00:04:12Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n\nThree issues combine into a full authentication bypass chain:\n\n1. Weak hashing: User passwords are stored as unsalted SHA-256 hashes, making them vulnerable to rainbow table attacks and trivially identifying users with identical passwords.\n2. Hash exposure: Multiple API endpoints (/user/info, /user/update, /spend/users) return the password hash field in responses to any authenticated user regardless of role. Plaintext passwords could also potentially be exposed in certain scenarios.\n4. Pass-the-hash: The /v2/login endpoint accepts the raw SHA-256 hash as a valid password without re-hashing, allowing direct login with a stolen\n\nAn already authenticated user can retrieve another user\u0027s password hash from the API and use it to log in as that user. This enables full privilege escalation in three HTTP requests.\n\n### Patches\n\nFixed in v1.83.0. Passwords are now hashed with scrypt (random 16-byte salt, n=16384, r=8, p=1). Password hashes are stripped from all API responses. Existing SHA-256 hashes are transparently migrated on next login.",
"id": "GHSA-69x8-hrgq-fjj8",
"modified": "2026-04-08T00:04:12Z",
"published": "2026-04-08T00:04:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-69x8-hrgq-fjj8"
},
{
"type": "PACKAGE",
"url": "https://github.com/BerriAI/litellm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "LiteLLM: Password hash exposure and pass-the-hash authentication bypass"
}
GHSA-6VJ4-7PWQ-5WQ3
Vulnerability from github – Published: 2022-05-01 01:48 – Updated: 2024-02-09 03:32CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
{
"affected": [],
"aliases": [
"CVE-2005-0408"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-02-14T05:00:00Z",
"severity": "HIGH"
},
"details": "CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the \"boogaadeeboo\" string, which is hard-coded in the $hidden_hash variable.",
"id": "GHSA-6vj4-7pwq-5wq3",
"modified": "2024-02-09T03:32:52Z",
"published": "2022-05-01T01:48:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0408"
},
{
"type": "WEB",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html"
},
{
"type": "WEB",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-002.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VQQ-HCVJ-CX94
Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks.
Successful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality.
{
"affected": [],
"aliases": [
"CVE-2026-5040"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T19:18:03Z",
"severity": "HIGH"
},
"details": "TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks.\n\nSuccessful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality.",
"id": "GHSA-6vqq-hcvj-cx94",
"modified": "2026-07-14T21:32:16Z",
"published": "2026-07-14T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5040"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/en/support/download/deco-m5/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/download/deco-m5/v1/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/faq/5190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-725V-VJC6-H9FQ
Vulnerability from github – Published: 2025-01-13 18:31 – Updated: 2025-01-13 18:31An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code.
This issue affects Eve Play: through 1.1.42.
{
"affected": [],
"aliases": [
"CVE-2024-5743"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T18:15:19Z",
"severity": "CRITICAL"
},
"details": "An attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\n\nThis issue affects Eve Play: through 1.1.42.",
"id": "GHSA-725v-vjc6-h9fq",
"modified": "2025-01-13T18:31:55Z",
"published": "2025-01-13T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5743"
},
{
"type": "WEB",
"url": "https://www.evehome.com/en-us/security-content"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78M8-HFV5-FGFV
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-14 00:00An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.
{
"affected": [],
"aliases": [
"CVE-2022-29731"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.",
"id": "GHSA-78m8-hfv5-fgfv",
"modified": "2022-06-14T00:00:38Z",
"published": "2022-06-03T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29731"
},
{
"type": "WEB",
"url": "https://www.ict.co"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5700.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7CWQ-P8CR-H9QG
Vulnerability from github – Published: 2023-09-08 00:31 – Updated: 2023-12-13 23:22Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/.
This affects the Buttercup app up to version 2.20.3.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "buttercup"
},
"ranges": [
{
"events": [
{
"introduced": "2.20.3"
},
{
"fixed": "7.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-41646"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-13T23:22:06Z",
"nvd_published_at": "2023-09-07T22:15:07Z",
"severity": "MODERATE"
},
"details": "Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/.\n\nThis affects the Buttercup app up to version 2.20.3.",
"id": "GHSA-7cwq-p8cr-h9qg",
"modified": "2023-12-13T23:22:06Z",
"published": "2023-09-08T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41646"
},
{
"type": "WEB",
"url": "https://github.com/buttercup/buttercup-core/issues/336"
},
{
"type": "WEB",
"url": "https://github.com/buttercup/buttercup-core/commit/77fbcdfe4caf57486a3c83c07fc6d36bb0e1d3e1"
},
{
"type": "WEB",
"url": "https://buttercup.pw"
},
{
"type": "PACKAGE",
"url": "https://github.com/buttercup/buttercup-core"
},
{
"type": "WEB",
"url": "https://github.com/tristao-marinho/CVE-2023-41646"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Buttercup allows attackers to obtain the hash of the master password"
}
GHSA-85RP-M9XF-H964
Vulnerability from github – Published: 2023-11-02 18:30 – Updated: 2023-11-02 18:30Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
{
"affected": [],
"aliases": [
"CVE-2023-5846"
],
"database_specific": {
"cwe_ids": [
"CWE-916"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-02T17:15:11Z",
"severity": "HIGH"
},
"details": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n",
"id": "GHSA-85rp-m9xf-h964",
"modified": "2023-11-02T18:30:25Z",
"published": "2023-11-02T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5846"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-51
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation MIT-25
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.