Common Weakness Enumeration

CWE-759

Allowed

Use of a One-Way Hash without a Salt

Abstraction: Variant · Status: Incomplete

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

24 vulnerabilities reference this CWE, most recent first.

CVE-2023-33838 (GCVE-0-2023-33838)

Vulnerability from cvelistv5 – Published: 2025-01-29 01:22 – Updated: 2025-02-12 16:46
VLAI
Title
IBM Security Verify Governance information disclosure
Summary
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-759 - Use of a One-Way Hash without a Salt
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Security Verify Governance Affected: 10.0.2
    cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:55:23.230730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:46:40.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Security Verify Governance",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.\u003c/span\u003e"
            }
          ],
          "value": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-759",
              "description": "CWE-759 Use of a One-Way Hash without a Salt",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T01:22:19.102Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7172200"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Security Verify Governance information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-33838",
    "datePublished": "2025-01-29T01:22:19.102Z",
    "dateReserved": "2023-05-23T00:31:47.071Z",
    "dateUpdated": "2025-02-12T16:46:40.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1430 (GCVE-0-2023-1430)

Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:28
VLAI
Title
FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control
Summary
The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-759 - Use of a One-Way Hash without a Salt
Assigner
Credits
Karl Emil Nikka
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2899218/fluent-crm/tags/2.8.0/app/Hooks/Handlers/ExternalPages.php?old=2873074\u0026old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T00:40:08.120261Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T00:51:36.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution",
          "vendor": "techjewel",
          "versions": [
            {
              "lessThanOrEqual": "2.8.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Karl Emil Nikka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The FluentCRM - Marketing Automation For WordPress  plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-759",
              "description": "CWE-759 Use of a One-Way Hash without a Salt",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:28:18.137Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2899218/fluent-crm/tags/2.8.0/app/Hooks/Handlers/ExternalPages.php?old=2873074\u0026old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php"
        },
        {
          "url": "https://github.com/karlemilnikka/CVE-2023-1430"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2924787%40fluent-crm\u0026new=2924787%40fluent-crm\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-01T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "FluentCRM - Marketing Automation For WordPress \u003c= 2.8.01 - Insufficient Use of Hash as Authorization Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-1430",
    "datePublished": "2023-06-09T05:33:37.287Z",
    "dateReserved": "2023-03-16T12:19:40.945Z",
    "dateUpdated": "2026-04-08T17:28:18.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-21253 (GCVE-0-2021-21253)

Vulnerability from cvelistv5 – Published: 2021-01-21 14:20 – Updated: 2024-08-03 18:09
VLAI
Title
Use of a One-Way Hash without a Salt in OnlineVotingSystem
Summary
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.
CWE
  • CWE-759 - Use of a One-Way Hash without a Salt
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:14.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OnlineVotingSystem",
          "vendor": "dbijaya",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-759",
              "description": "CWE-759 Use of a One-Way Hash without a Salt",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-21T14:20:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
        }
      ],
      "source": {
        "advisory": "GHSA-wwg8-372v-v332",
        "discovery": "UNKNOWN"
      },
      "title": "Use of a One-Way Hash without a Salt in OnlineVotingSystem",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21253",
          "STATE": "PUBLIC",
          "TITLE": "Use of a One-Way Hash without a Salt in OnlineVotingSystem"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OnlineVotingSystem",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "dbijaya"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-759 Use of a One-Way Hash without a Salt"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332",
              "refsource": "CONFIRM",
              "url": "https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332"
            },
            {
              "name": "https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09",
              "refsource": "MISC",
              "url": "https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wwg8-372v-v332",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21253",
    "datePublished": "2021-01-21T14:20:16.000Z",
    "dateReserved": "2020-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:09:14.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25164 (GCVE-0-2020-25164)

Vulnerability from cvelistv5 – Published: 2022-04-14 20:06 – Updated: 2025-04-16 16:29
VLAI
Title
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Summary
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-759 - Use of a One-Way Hash without a Salt
Assigner
References
Impacted products
Vendor Product Version
B. Braun Melsungen AG SpaceCom Affected: unspecified , ≤ U61 (custom)
Affected: unspecified , ≤ L81 (custom)
Create a notification for this product.
B. Braun Melsungen AG Battery pack with Wi-Fi Affected: unspecified , ≤ U61 (custom)
Affected: unspecified , ≤ L81 (custom)
Create a notification for this product.
B. Braun Melsungen AG Data module compactplus Affected: A10
Affected: A11
Create a notification for this product.
Credits
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:26:09.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-25164",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:15.208760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:29:36.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SpaceCom",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "lessThanOrEqual": "U61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "L81",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Battery pack with Wi-Fi",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "lessThanOrEqual": "U61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "L81",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Data module compactplus",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "status": "affected",
              "version": "A10"
            },
            {
              "status": "affected",
              "version": "A11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-759",
              "description": "CWE-759: Use of a One-Way Hash without a Salt",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-14T20:06:00.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "B. Braun recommends applying updates:\n\n    SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n    Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n    Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus",
      "workarounds": [
        {
          "lang": "en",
          "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n    Ensure the devices are not accessible directly from the Internet.\n    Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-25164",
          "STATE": "PUBLIC",
          "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SpaceCom",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "U61"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "L81"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Battery pack with Wi-Fi",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "U61"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "L81"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Data module compactplus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "A10"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "A11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "B. Braun Melsungen AG"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-759: Use of a One-Way Hash without a Salt"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
            },
            {
              "name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html",
              "refsource": "CONFIRM",
              "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "B. Braun recommends applying updates:\n\n    SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n    Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n    Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n    Ensure the devices are not accessible directly from the Internet.\n    Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-25164",
    "datePublished": "2022-04-14T20:06:00.000Z",
    "dateReserved": "2020-09-04T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:29:36.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-16244 (GCVE-0-2020-16244)

Vulnerability from cvelistv5 – Published: 2020-09-23 13:03 – Updated: 2024-08-04 13:37
VLAI
Summary
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.
Severity
No CVSS data available.
CWE
  • CWE-759 - USE OF A ONE-WAY HASH WITHOUT A SALT CWE-759
Assigner
References
Impacted products
Vendor Product Version
n/a GE Digital APM Classic Affected: Versions 4.4 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:53.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GE Digital APM Classic",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 4.4 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-759",
              "description": "USE OF A ONE-WAY HASH WITHOUT A SALT CWE-759",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-23T13:03:05.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-16244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GE Digital APM Classic",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 4.4 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF A ONE-WAY HASH WITHOUT A SALT CWE-759"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-16244",
    "datePublished": "2020-09-23T13:03:05.000Z",
    "dateReserved": "2020-07-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:37:53.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2GV7-CC99-M2PR

Vulnerability from github – Published: 2025-01-29 03:31 – Updated: 2025-01-29 03:31
VLAI
Details

IBM Security Verify Governance 10.0.2 Identity Manager

uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-759",
      "CWE-916"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-29T02:15:26Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Verify Governance 10.0.2 Identity Manager \n\nuses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.",
  "id": "GHSA-2gv7-cc99-m2pr",
  "modified": "2025-01-29T03:31:48Z",
  "published": "2025-01-29T03:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33838"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7172200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8FF6-PC43-JWV3

Vulnerability from github – Published: 2025-08-28 13:33 – Updated: 2026-07-02 20:20
VLAI
Summary
NeuVector has an insecure password storage and is vulnerable to rainbow attack
Details

Impact

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).

NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm to create the hash value for the following actions:

  • Creating a user
  • Updating a user’s password
  • Creating an API key

Note: After upgrading to NeuVector 5.4.6, users must log in again so that NeuVector can regenerate the password hash. For API keys, you must send at least one request per API key to regenerate its hash value.

Patches

This issue is fixed in NeuVector version 5.4.6 and later.

Workarounds

There is no workaround. Upgrade to a patched version of NeuVector as soon as possible.

References

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/neuvector/neuvector"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250825191744-da1a462074c3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-759",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-28T13:33:14Z",
    "nvd_published_at": "2025-09-17T13:15:33Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nNeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).\n\nNeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm to create the hash value for the following actions:\n\n- Creating a user\n- Updating a user\u2019s password\n- Creating an API key\n\n**Note:** After upgrading to NeuVector 5.4.6, users must log in again so that NeuVector can regenerate the password hash. For API keys, you must send at least one request per API key to regenerate its hash value.\n\n### Patches\n\nThis issue is fixed in NeuVector version **5.4.6** and later.\n\n### Workarounds\n\nThere is no workaround. Upgrade to a patched version of NeuVector as soon as possible.\n\n### References\n\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [NeuVector](https://github.com/neuvector/neuvector/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/#suse-security).",
  "id": "GHSA-8ff6-pc43-jwv3",
  "modified": "2026-07-02T20:20:12Z",
  "published": "2025-08-28T13:33:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/pull/2084"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/pull/2085"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/commit/addc9308b3a6359c9789a62ac6e73594c9a544d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/commit/da1a462074c3d7d426dba0901840fd0e2146f63a"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53884"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/neuvector/neuvector"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NeuVector has an insecure password storage and is vulnerable to rainbow attack"
}

GHSA-9CPP-GF7M-944G

Vulnerability from github – Published: 2026-02-03 00:30 – Updated: 2026-02-03 00:30
VLAI
Details

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-759"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T23:15:59Z",
    "severity": "MODERATE"
  },
  "details": "IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
  "id": "GHSA-9cpp-gf7m-944g",
  "modified": "2026-02-03T00:30:18Z",
  "published": "2026-02-03T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36253"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7257565"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G29V-Q6H7-76WH

Vulnerability from github – Published: 2026-05-14 20:30 – Updated: 2026-06-09 10:20
VLAI
Summary
electerm's encrypt method not safe enough
Details

Impact

Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks.

Patches

  • https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937

Workarounds

  • No

References

  • Report / credit: https://github.com/Curly-Haired-Baboon
  • Electerm releases: https://github.com/electerm/electerm/releases
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electerm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-329",
      "CWE-353",
      "CWE-759",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:30:04Z",
    "nvd_published_at": "2026-05-28T18:16:35Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n_Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks._\n\n### Patches\n\n- https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937\n\n### Workarounds\n\n- No\n\n### References\n- Report / credit: https://github.com/Curly-Haired-Baboon\n- Electerm releases: https://github.com/electerm/electerm/releases",
  "id": "GHSA-g29v-q6h7-76wh",
  "modified": "2026-06-09T10:20:23Z",
  "published": "2026-05-14T20:30:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45787"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/electerm/electerm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electerm/electerm/releases/tag/v3.9.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "electerm\u0027s encrypt method not safe enough"
}

GHSA-H8H6-7752-G28C

Vulnerability from github – Published: 2025-03-03 19:55 – Updated: 2025-03-04 22:23
VLAI
Summary
Manifest Uses a One-Way Hash without a Salt
Details

Summary

Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process.

Details

Analysis of the application source code reveals that user passwords are hashed using the SHA3 algorithm without implementing a unique salt per user.

const newUser: AuthenticableEntity = entityRepository.create(signupUserDto)
newUser.password = SHA3(newUser.password).toString()

This approach results in deterministic password hashes, which can be identified by comparing the hashes for users with matching credentials.

password without salt

PoC

  1. Create two users with the same password (it could be admin or any other authenticatable entity)
  2. Extract their password hashes from the database
  3. Verify that both hashes are identical, confirming the absence of unique salts

Impact

This is a cryptographic weakness vulnerability that affects all users of the system. The lack of a unique salt when hashing passwords reduces protection against database breaches, as attackers who gain access to the database can more efficiently crack user passwords. Since identical passwords result in identical hashes, attackers can use precomputed hash databases (e.g., Rainbow Tables) or offline brute-force attacks to reverse the hashes and obtain user passwords, increasing the risk of compromised accounts and further system exploitation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "manifest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-759"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-03T19:55:33Z",
    "nvd_published_at": "2025-02-28T18:15:28Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nManifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process.\n\n### Details\nAnalysis of the application source code reveals that user passwords are hashed using the SHA3 algorithm without implementing a unique salt per user.\n```\nconst newUser: AuthenticableEntity = entityRepository.create(signupUserDto)\nnewUser.password = SHA3(newUser.password).toString()\n```\nThis approach results in deterministic password hashes, which can be identified by comparing the hashes for users with matching credentials.\n\n![password without salt](https://github.com/user-attachments/assets/8ce816ab-0351-44d4-9aa3-717266441d6e)\n\n\n### PoC\n1. Create two users with the same password (it could be admin or any other authenticatable entity)\n2. Extract their password hashes from the database\n3. Verify that both hashes are identical, confirming the absence of unique salts\n\n### Impact\nThis is a cryptographic weakness vulnerability that affects all users of the system. The lack of a unique salt when hashing passwords reduces protection against database breaches, as attackers who gain access to the database can more efficiently crack user passwords. Since identical passwords result in identical hashes, attackers can use precomputed hash databases (e.g., Rainbow Tables) or offline brute-force attacks to reverse the hashes and obtain user passwords, increasing the risk of compromised accounts and further system exploitation.",
  "id": "GHSA-h8h6-7752-g28c",
  "modified": "2025-03-04T22:23:26Z",
  "published": "2025-03-03T19:55:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mnfst/manifest/security/advisories/GHSA-h8h6-7752-g28c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mnfst/manifest/commit/3ed6f1324e96ad469ad929d470dcd0cc386c6c69"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mnfst/manifest"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Manifest Uses a One-Way Hash without a Salt"
}

Mitigation MIT-51
Architecture and Design
  • Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
  • Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
  • Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation
Architecture and Design

If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.

Mitigation MIT-25
Implementation Architecture and Design

When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.

No CAPEC attack patterns related to this CWE.