VYPR

CWE-328

Use of Weak Hash

Base · Draft

Description

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function: it allows an adversary to reasonably determine the original input (preimage attack), find another input that produces the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-461 · CAPEC-68

CVEs mapped to this weakness (67)

page 1 of 4
  • CVE-2004-2761 · Cri · Jan 5, 2009
    risk 0.67 · cvss 9.8 · epss 0.10

    The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

  • CVE-2026-36182 · Cri · Jun 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a brute-force attack.

  • CVE-2020-37168 · Cri · May 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the…

  • CVE-2025-41652 · Cri · May 27, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge…

  • CVE-2025-27595 · Cri · Mar 14, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

  • CVE-2026-46488 · cri · Jun 22, 2026
    risk 0.59 · cvss · epss

    Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set…

  • CVE-2024-54143 · Cri · Dec 6, 2024
    risk 0.54 · cvss · epss 0.02

    openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously…

  • CVE-2026-32129 · Hig · Mar 12, 2026
    risk 0.50 · cvss · epss 0.00

    soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1),…

  • CVE-2024-48924 · Hig · Oct 17, 2024
    risk 0.50 · cvss · epss 0.00

    Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the…

  • CVE-2025-41256 · Hig · Jun 25, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through…

  • CVE-2024-56516 · Med · Dec 30, 2024
    risk 0.45 · cvss · epss 0.00

    free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing…

  • CVE-2024-23589 · Med · May 30, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs.

  • CVE-2026-40164 · Hig · Apr 14, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By…

  • CVE-2025-55053 · Med · Sep 9, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    CWE-328: Use of Weak Hash

  • CVE-2025-47276 · Hig · May 13, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like…

  • CVE-2026-54266 · hig · Jun 15, 2026
    risk 0.39 · cvss · epss 0.00

    Angular's `HttpTransferCache` caches HTTP requests made during Server-Side Rendering (SSR) so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in `TransferState` using a cache key…

  • CVE-2025-26486 · Med · Mar 19, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to…

  • CVE-2026-45413 · Med · May 26, 2026
    risk 0.38 · cvss · epss 0.00

    MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1.

  • CVE-2025-3576 · Med · Apr 15, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message…

  • CVE-2025-21604 · Med · Jan 6, 2025
    risk 0.38 · cvss · epss 0.00

    LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.