CWE-760
Use of a One-Way Hash with a Predictable Salt
VariantIncomplete
Description
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-13951 | Hig | 0.49 | 7.6 | 0.00 | May 22, 2025 | One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |
| CVE-2025-26486 | Med | 0.39 | 6.0 | 0.00 | Mar 19, 2025 | Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234. |