CWE-916
All CWE-916 CVEs (22)
CVE-2020-14516 is a critical authentication bypass vulnerability in Rockwell Automation FactoryTalk Services Platform where SHA-256 password hashing f... (Mar 18, 2021)
This vulnerability in EveHome Eve Play allows attackers to exploit weak password hashing to execute arbitrary code on affected devices. It affects all... (Jan 13, 2025)
CVE-2021-36767 is an authentication bypass vulnerability in Digi RealPort software where the challenge-response mechanism leaks a weakly-hashed server... (Oct 8, 2021)
This vulnerability allows remote attackers to recover plain-text passwords by brute-forcing weak MD5 hashes in QSAN storage management systems. Attack... (Jul 7, 2021)
This vulnerability allows attackers to decode administrator credentials on Franklin Fueling System TS-550 devices, enabling unauthenticated access. Or... (Nov 2, 2023)
This vulnerability allows attackers to brute-force weak secret hashes in Live Helper Chat software, potentially compromising authentication mechanisms... (Apr 5, 2022)
This FreeIPA vulnerability allows attackers who compromise a principal to obtain encrypted Kerberos tickets and salts, enabling offline brute-force at... (Jun 12, 2024)
This vulnerability in Sante PACS Server allows attackers to bypass authentication by exploiting password hash truncation. When a password's SHA1 hash ... (Mar 13, 2025)
This vulnerability allows attackers to perform cryptanalysis on password hashes in Tridium Niagara Framework and Enterprise Security products. Attacke... (May 22, 2025)
A vulnerability in PHP's password_verify() function allows invalid Blowfish password hashes to be accepted as valid. This could enable authentication ... (Mar 1, 2023)
CVE-2024-7701 is a vulnerability in Percona Toolkit's pt-secure-collect tool that uses weak password hashing algorithms, allowing attackers to perform... (Dec 15, 2024)
PiiGAB M-Bus software stores passwords using a weak hash algorithm, allowing attackers to potentially crack passwords and gain unauthorized access. Th... (Jul 7, 2023)
CodeIgniter Shield versions before v1.0.0-beta.4 improperly store passwords by using SHA-384 hashing without salt before bcrypt, making password crack... (Mar 13, 2023)
mySCADA myPRO versions 8.20.0 and prior store passwords using the weak MD5 hashing algorithm, which allows attackers who obtain password hashes to cra... (Dec 23, 2021)
IBM Tivoli Key Lifecycle Manager versions 3.0 through 4.1 store passwords using unsalted cryptographic hashes, making them vulnerable to rainbow table... (Nov 15, 2021)
This vulnerability allows attackers to recover user account credentials from Schneider Electric EVlink charging stations through dictionary attacks. T... (Jul 21, 2021)
This vulnerability in Koel music streaming software allows attackers to perform brute-force attacks against login credentials more effectively. It aff... (May 24, 2021)
This vulnerability allows a high-privileged remote attacker with webUI admin access to brute-force the underlying OS root and user passwords due to we... (Dec 9, 2025)
A vulnerability in ctrlX OS allows authenticated low-privileged users to recover plaintext passwords of other users from the users configuration file.... (Apr 30, 2025)
Insecure defaults in Fortra's Core Privileged Access Manager (BoKS) Server Agent can lead to the use of weak password hash algorithms, potentially all... (Dec 16, 2025)
RiteCMS v3.1.0 uses insecure encryption (likely weak hashing or reversible encryption) to store user passwords. This vulnerability allows attackers wh... (Dec 17, 2025)
This vulnerability in BUFFALO WSR-1800AX4 series routers allows attackers to obtain Wi-Fi passwords and WPS PIN codes when WPS is enabled due to insuf... (Nov 7, 2025)
About CWE-916
Our database tracks 22 CVEs classified as CWE-916, with 4 rated critical and 13 rated high severity. The average CVSS score for CWE-916 vulnerabilities is 7.7.
External reference: View CWE-916 on MITRE CWE →