Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-916
Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CVE-2026-30785 (GCVE-0-2026-30785)
Vulnerability from cvelistv5 – Published: 2026-03-05 16:04 – Updated: 2026-03-06 10:32
VLAI
Title
RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)
Summary
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().
This issue affects RustDesk Client: through 1.4.5.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/rustdesk/rustdesk/discussions/9229 | technical-descriptionx_--config documentation |
| https://github.com/rustdesk/rustdesk/discussions/4979 | technical-descriptionx_--config documentation |
| https://docs.google.com/document/d/e/2PACX-1vSds6… | third-party-advisoryexploit |
| https://www.vulsec.org/ | vdb-entrythird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rustdesk-client | RustDesk Client |
Affected:
0 , ≤ 1.4.5
(custom)
|
Date Public
2026-03-05 13:45
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T10:32:18.593322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T10:32:38.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/rustdesk/rustdesk/releases",
"defaultStatus": "affected",
"modules": [
"Password security module",
"config encryption",
"machine UID"
],
"packageName": "rustdesk, hbb_common",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "RustDesk Client",
"programFiles": [
"hbb_common/src/password_security.rs",
"hbb_common/src/config.rs",
"hbb_common/src/lib.rs (get_uuid)",
"machine-uid/src/lib.rs"
],
"programRoutines": [
{
"name": "symmetric_crypt()"
},
{
"name": "encrypt_str_or_original()"
},
{
"name": "decrypt_str_or_original()"
},
{
"name": "get_uuid()"
},
{
"name": "get_machine_id()"
}
],
"repo": "https://github.com/rustdesk/hbb_common,https://github.com/rustdesk-org/machine-uid",
"vendor": "rustdesk-client",
"versions": [
{
"lessThanOrEqual": "1.4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default \u2014 any desktop installation with permanent password or saved peers"
}
],
"value": "Default \u2014 any desktop installation with permanent password or saved peers"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Erez Kalman"
},
{
"lang": "en",
"type": "reporter",
"value": "Erez Kalman"
}
],
"datePublic": "2026-03-05T13:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehbb_common/src/password_security.Rs\u003c/tt\u003e, \u003ctt\u003ehbb_common/src/config.Rs\u003c/tt\u003e, \u003ctt\u003ehbb_common/src/lib.Rs (get_uuid)\u003c/tt\u003e, \u003ctt\u003emachine-uid/src/lib.Rs\u003c/tt\u003e and program routines \u003ctt\u003esymmetric_crypt()\u003c/tt\u003e, \u003ctt\u003eencrypt_str_or_original()\u003c/tt\u003e, \u003ctt\u003edecrypt_str_or_original()\u003c/tt\u003e, \u003ctt\u003eget_uuid()\u003c/tt\u003e, \u003ctt\u003eget_machine_id()\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects RustDesk Client: through 1.4.5.\u003c/p\u003e"
}
],
"value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().\n\nThis issue affects RustDesk Client: through 1.4.5."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "PoC available. Trivially exploitable.\u003cbr\u003e"
}
],
"value": "PoC available. Trivially exploitable."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T17:05:28.602Z",
"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"shortName": "VULSec"
},
"references": [
{
"tags": [
"technical-description",
"x_--config documentation"
],
"url": "https://github.com/rustdesk/rustdesk/discussions/9229"
},
{
"tags": [
"technical-description",
"x_--config documentation"
],
"url": "https://github.com/rustdesk/rustdesk/discussions/4979"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
},
{
"tags": [
"vdb-entry",
"third-party-advisory"
],
"url": "https://www.vulsec.org/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use one-way hashing (Argon2id) for passwords. Use OS-native credential stores (DPAPI, Keychain, libsecret) for recoverable secrets. Apply proper KDF. Use random nonces."
}
],
"value": "Use one-way hashing (Argon2id) for passwords. Use OS-native credential stores (DPAPI, Keychain, libsecret) for recoverable secrets. Apply proper KDF. Use random nonces."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Set restrictive file permissions on TOML config files. Avoid saving peer passwords."
}
],
"value": "Set restrictive file permissions on TOML config files. Avoid saving peer passwords."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"assignerShortName": "VULSec",
"cveId": "CVE-2026-30785",
"datePublished": "2026-03-05T16:04:36.443Z",
"dateReserved": "2026-03-05T14:13:35.407Z",
"dateUpdated": "2026-03-06T10:32:38.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30789 (GCVE-0-2026-30789)
Vulnerability from cvelistv5 – Published: 2026-03-05 15:41 – Updated: 2026-06-22 13:16
VLAI
Title
RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force
Summary
Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing.
The authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery.
This vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction).
This issue affects RustDesk Client: through 1.4.8.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://rustdesk.com/docs/en/client/ | technical-descriptionx_--config documentation |
| https://docs.google.com/document/d/e/2PACX-1vSds6… | third-party-advisoryexploit |
| https://www.vulsec.org/ | vdb-entrythird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rustdesk-client | RustDesk Client |
Affected:
0 , ≤ 1.4.8
(custom)
|
Date Public
2026-03-05 13:45
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30789",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T14:32:41.844771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T14:32:45.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/rustdesk/rustdesk/releases",
"defaultStatus": "affected",
"modules": [
"Client login",
"peer authentication"
],
"packageName": "rustdesk-client",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "RustDesk Client",
"programFiles": [
"src/client.rs"
],
"programRoutines": [
{
"name": "handle_hash()"
},
{
"name": "handle_login_from_ui() (login proof construction)"
}
],
"repo": "https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common",
"vendor": "rustdesk-client",
"versions": [
{
"lessThanOrEqual": "1.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default \u2014 any password-based authentication"
}
],
"value": "Default \u2014 any password-based authentication"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "1.4.8",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:macos:*:*:*:*:*",
"versionEndIncluding": "1.4.8",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "1.4.8",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:ios:*:*:*:*:*",
"versionEndIncluding": "1.4.8",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:android:*:*:*:*:*",
"versionEndIncluding": "1.4.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Erez Kalman"
},
{
"lang": "en",
"type": "reporter",
"value": "Erez Kalman"
}
],
"datePublic": "2026-03-05T13:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing.\u003cbr\u003e\u003cbr\u003eThe authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery.\u003cbr\u003e\u003cbr\u003eThis vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction).\u003cbr\u003e\u003cbr\u003eThis issue affects RustDesk Client: through 1.4.8."
}
],
"value": "Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing.\n\nThe authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery.\n\nThis vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction).\n\nThis issue affects RustDesk Client: through 1.4.8."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "PoC available.\u003cbr\u003e"
}
],
"value": "PoC available."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T13:16:30.794Z",
"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"shortName": "VULSec"
},
"references": [
{
"tags": [
"technical-description",
"x_--config documentation"
],
"url": "https://rustdesk.com/docs/en/client/"
},
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
},
{
"tags": [
"vdb-entry",
"third-party-advisory"
],
"url": "https://www.vulsec.org/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Add a client-side nonce to the auth proof and use a slow KDF (e.g., Argon2id). Transition to SRP."
}
],
"value": "Add a client-side nonce to the auth proof and use a slow KDF (e.g., Argon2id). Transition to SRP."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use long (16+ char) random passwords. Enable 2FA where available."
}
],
"value": "Use long (16+ char) random passwords. Enable 2FA where available."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"assignerShortName": "VULSec",
"cveId": "CVE-2026-30789",
"datePublished": "2026-03-05T15:41:51.417Z",
"dateReserved": "2026-03-05T14:13:37.202Z",
"dateUpdated": "2026-06-22T13:16:30.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30790 (GCVE-0-2026-30790)
Vulnerability from cvelistv5 – Published: 2026-03-05 15:49 – Updated: 2026-06-22 13:06
VLAI
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-06-22T13:06:15.128Z",
"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"shortName": "VULSec"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"assignerShortName": "VULSec",
"cveId": "CVE-2026-30790",
"datePublished": "2026-03-05T15:49:15.539Z",
"dateRejected": "2026-06-22T13:06:15.128Z",
"dateReserved": "2026-03-05T14:13:37.202Z",
"dateUpdated": "2026-06-22T13:06:15.128Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44611 (GCVE-0-2026-44611)
Vulnerability from cvelistv5 – Published: 2026-05-29 17:42 – Updated: 2026-05-29 19:44
VLAI
Title
MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort
Summary
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Danelec | MacGregor Voyage Data Recorder (VDR) G4e |
Affected:
0 , < 5.250
(custom)
|
Date Public
2026-05-28 17:22
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T19:44:32.498800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:44:47.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MacGregor Voyage Data Recorder (VDR) G4e",
"vendor": "Danelec",
"versions": [
{
"lessThan": "5.250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-05-28T17:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eDanelec MacGregor Voyage Data Recorder\u003c/span\u003e\n\u003cspan\u003epasswords are stored with a hashing method which limits password length and is susceptible to brute force attacks.\u003c/span\u003e"
}
],
"value": "Danelec MacGregor Voyage Data Recorder\npasswords are stored with a hashing method which limits password length and is susceptible to brute force attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T17:42:15.577Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.danelec.com/contact"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eDanelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.danelec.com/contact\"\u003ehttps://www.danelec.com/contact\u003c/a\u003e"
}
],
"value": "Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u00a0 https://www.danelec.com/contact"
}
],
"source": {
"advisory": "ICSA-26-148-01",
"discovery": "EXTERNAL"
},
"title": "MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-44611",
"datePublished": "2026-05-29T17:42:15.577Z",
"dateReserved": "2026-05-07T16:55:26.109Z",
"dateUpdated": "2026-05-29T19:44:47.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45027 (GCVE-0-2026-45027)
Vulnerability from cvelistv5 – Published: 2026-05-27 15:24 – Updated: 2026-05-27 17:52
VLAI
Title
WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
Summary
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is a general-purpose cryptographic hash built for speed, not password storage. Without a salt, identical passwords produce identical digests, making the entire hash database vulnerable to a single precomputed rainbow table lookup. This vulnerability is fixed in 3.7.3.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/LabRedesCefetRJ/WeGIA/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LabRedesCefetRJ | WeGIA |
Affected:
< 3.7.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45027",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T17:51:37.251231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T17:52:00.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hcgv-vmq6-j6qg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WeGIA",
"vendor": "LabRedesCefetRJ",
"versions": [
{
"status": "affected",
"version": "\u003c 3.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP\u0027s hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is a general-purpose cryptographic hash built for speed, not password storage. Without a salt, identical passwords produce identical digests, making the entire hash database vulnerable to a single precomputed rainbow table lookup. This vulnerability is fixed in 3.7.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-759",
"description": "CWE-759: Use of a One-Way Hash without a Salt",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:24:21.616Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hcgv-vmq6-j6qg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hcgv-vmq6-j6qg"
}
],
"source": {
"advisory": "GHSA-hcgv-vmq6-j6qg",
"discovery": "UNKNOWN"
},
"title": "WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45027",
"datePublished": "2026-05-27T15:24:21.616Z",
"dateReserved": "2026-05-08T16:58:28.896Z",
"dateUpdated": "2026-05-27T17:52:00.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45787 (GCVE-0-2026-45787)
Vulnerability from cvelistv5 – Published: 2026-05-28 17:17 – Updated: 2026-05-29 15:29
VLAI
Title
electerm's encrypt method not safe enough
Summary
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/electerm/electerm/security/adv… | x_refsource_CONFIRM |
| https://github.com/electerm/electerm/commit/9dd82… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:29:07.655890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:29:15.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electerm",
"vendor": "electerm",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-329",
"description": "CWE-329: Generation of Predictable IV with CBC Mode",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-759",
"description": "CWE-759: Use of a One-Way Hash without a Salt",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916: Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:17:56.385Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh"
},
{
"name": "https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937"
}
],
"source": {
"advisory": "GHSA-g29v-q6h7-76wh",
"discovery": "UNKNOWN"
},
"title": "electerm\u0027s encrypt method not safe enough"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45787",
"datePublished": "2026-05-28T17:17:56.385Z",
"dateReserved": "2026-05-13T08:19:32.602Z",
"dateUpdated": "2026-05-29T15:29:15.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9641 (GCVE-0-2026-9641)
Vulnerability from cvelistv5 – Published: 2026-06-12 14:57 – Updated: 2026-06-14 14:46
VLAI
Title
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations
Summary
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.
The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versions default to using 1000 iterations.
Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ARODLAND | Crypt::PBKDF2 |
Affected:
0 , < 0.261630
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-9641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T17:46:14.634769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T17:46:30.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-14T14:46:24.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/12/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/13/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/14/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/14/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/14/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-PBKDF2",
"product": "Crypt::PBKDF2",
"repo": "https://github.com/arodland/Crypt-PBKDF2",
"vendor": "ARODLAND",
"versions": [
{
"lessThan": "0.261630",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.\n\nThe default algorithm is HMAC-SHA1, which should only be used for legacy systems.\n\nThese versions default to using 1000 iterations.\n\nDepending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T14:57:30.534Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.261630 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations",
"workarounds": [
{
"lang": "en",
"value": "Change the default algorithm to something stronger, such as \"HMACSHA2\", and the output_len accordingly (32 for SHA256).\n\nThe number of iterations should also be increased (600,000 for SHA256, for example)."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9641",
"datePublished": "2026-06-12T14:57:30.534Z",
"dateReserved": "2026-05-26T18:44:37.132Z",
"dateUpdated": "2026-06-14T14:46:24.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-51
Phase: Architecture and Design
Description:
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation ID: MIT-25
Phases: Implementation, Architecture and Design
Description:
- When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.