Threats Tagged 'cwe-916'
View all threats tagged with 'cwe-916'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-916'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-9641: CWE-916 Use of Password Hash With Insufficient Computational Effort in ARODLAND Crypt::PBKDF2CVE-2026-9641 0 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used. Join the discussion | CVE Database V5 | 06/12/2026, 14:57:30 UTC Added: 06/12/2026, 15:39:41 UTC |
CVE-2026-8881: CWE-916 Use of Password Hash With Insufficient Computational Effort in Securly Securly Chrome ExtensionCVE-2026-8881 0 Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching. Join the discussion | CVE Database V5 | 06/03/2026, 18:13:14 UTC Added: 06/03/2026, 19:03:42 UTC |
CVE-2026-44611: CWE-916 Use of Password Hash With Insufficient Computational Effort in Danelec MacGregor Voyage Data Recorder (VDR) G4eCVE-2026-44611 0 The Danelec MacGregor Voyage Data Recorder (VDR) G4e uses a password hashing method that limits password length and is vulnerable to brute force attacks due to insufficient computational effort. This weakness could allow attackers with network access and low privileges to recover passwords, impacting confidentiality. The vulnerability has a medium severity rating with a CVSS score of 5.4. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time. Join the discussion | CVE Database V5 | 05/29/2026, 17:42:15 UTC Added: 05/29/2026, 18:33:43 UTC |
CVE-2026-45027: CWE-759: Use of a One-Way Hash without a Salt in LabRedesCefetRJ WeGIACVE-2026-45027 0 WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is a general-purpose cryptographic hash built for speed, not password storage. Without a salt, identical passwords produce identical digests, making the entire hash database vulnerable to a single precomputed rainbow table lookup. This vulnerability is fixed in 3.7.3. Join the discussion | CVE Database V5 | 05/27/2026, 15:24:21 UTC Added: 05/27/2026, 16:33:44 UTC |
Showing 1 to 4 of 4 results