30 matches found
CVE-2026-53692 Weak hashing algorithm in Redeight CMS
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
EUVD-2026-40294
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
CVE-2026-45027
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
EUVD-2026-32565
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-33041
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...
CVE-2026-33041
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
PT-2026-25998
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
CVE-2020-10538
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack...
EUVD-2025-32184
Malicious code in bioql PyPI...
EUVD-2025-25209
Malicious code in bioql PyPI...
CVE-2025-51540
EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm make...
PT-2025-33748 · Ezged3 · Ezged3
Name of the Vulnerable Software and Affected Versions: EzGED3 versions 3.5.0 through 3.5.72.27183 Description: EzGED3 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak, allowing attackers to perform efficient offline brute-force...
CVE-2025-51540
EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm make...
CVE-2025-51540
EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm make...
CVE-2025-51540
EzGED3 3.5.0 stores passwords using an insecure hashing chain md5(md5(password)) with no salt, enabling offline brute-force attacks if hashes are exposed. Affected versions include 3.5.0 through 3.5.72.27183. Vendor states fix in 3.5.72.27183. Remediation: upgrade to 3.5.72.27183 or later.
Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...