VYPR

CWE-760

Use of a One-Way Hash with a Predictable Salt

VariantIncomplete

Description

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (6)

  • CVE-2026-46749HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of…

  • CVE-2024-13951HigMay 22, 2025
    risk 0.49cvss 7.6epss 0.00

    One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2025-26486MedMar 19, 2025
    risk 0.39cvss 6.0epss 0.00

    Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to…

  • CVE-2020-28214MedDec 11, 2020
    risk 0.36cvss 5.5epss 0.01

    A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection…

  • CVE-2026-9370LowMay 24, 2026
    risk 0.24cvss 3.7epss 0.00

    A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the…

  • CVE-2018-5552LowMar 19, 2018
    risk 0.19cvss 2.9epss 0.00

    Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".