CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

CVE-2025-65831

The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...

PT-2025-50539

Name of the Vulnerable Software and Affected Versions Mobile Application affected versions not specified Description The application utilizes an insecure hashing algorithm, MD5, for password storage. An attacker obtaining password hashes—through methods like exploiting cloud services or performin...

CVE-2025-65831

CVE-2025-65831 is documented across multiple sources as involving insecure MD5-based password hashing that could enable credential cracking and unauthorized account access if hashes are obtained. A concrete product reference appears in CNNVD: Meatmeet Pro App v1.1.2.0 uses MD5 for password hashin...

CVE-2025-35114 Agiloft local privilege escalation via default credentials

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...

CVE-2019-17216

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...

Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞

Inaba Denki Sangyo CHOCO TEI WATCHER mini is a series of surveillance cameras from Inaba Denki Sangyo. A security vulnerability exists in Inaba Denki Sangyo CHOCO TEI WATCHER mini, which stems from a weak password requirement that could lead to an attacker obtaining a user's password via brute...

Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...

CVE-2022-27558

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

PT-2022-18482 · Hcl · Hcl Notes

Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified Description: The issue concerns a Broken Password Strength Checks problem. Custom password policies are not enforced on certain iNotes forms, which could allow users to set weak passwords. This...

PT-2022-10190 · Philips · Philips Vue Pacs

Name of the Vulnerable Software and Affected Versions: Philips Vue PACS versions 12.2.x.x and prior Description: The issue concerns the use of a cryptographic key or password past its expiration date, which significantly diminishes safety by increasing the timing window for cracking attacks again...

CVE-2022-21800

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

PT-2022-15139 · Mmp +2 · Mmp +2

Name of the Vulnerable Software and Affected Versions: MMP versions prior to 1.0.3 PTP C-series versions prior to 2.8.6.1 PTMP C-series and A5x versions prior to 2.5.4.1 Description: The software uses the MD5 algorithm to hash passwords before storing them but does not salt the hash. As a result,...

CVE-2018-9028

Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking...

PT-2005-3209 · Esi · Webeoc

Name of the Vulnerable Software and Affected Versions: WebEOC versions prior to 6.0.2 Description: The issue is related to a weak encryption scheme used for passwords, making it easier for attackers to crack passwords. Recommendations: For versions prior to 6.0.2, update to version 6.0.2 or later...

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...