Skip to main content

CWE-760

Use of a One-Way Hash with a Predictable Salt

8 CVEs Avg CVSS 5.7 MITRE
1
CRITICAL
1
HIGH
4
MEDIUM
2
LOW
2
POC
0
KEV

Monthly

CVE-2026-46749 MEDIUM CISA This Month

Weak password hashing in Siemens SINEC INS (all versions prior to V1.0 SP2 Update 6) exposes stored credentials to efficient offline recovery due to a static, hardcoded salt shared universally across all users and installations, combined with an insufficient iteration count. An attacker who has obtained high-privileged local access and can extract the password store can leverage the known static salt to construct targeted rainbow tables or run accelerated brute-force attacks, potentially recovering plaintext passwords and achieving unauthorized access to the application and downstream industrial network infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the cryptographic weakness is deterministic - once hashes are obtained, the static salt eliminates per-user uniqueness and dramatically reduces attack cost.

Authentication Bypass Sinec Ins
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-9370 Maven LOW POC Monitor

Cryptographic salt generation in Jasypt Spring Boot library (versions ≤3.0.5 and ≤4.0.4) uses predictable values, enabling offline password cracking attacks against encrypted configuration properties. The SimpleGCMConfig class's getSecretKeySaltGenerator function generates salts without sufficient entropy, reducing the computational cost for attackers who obtain encrypted passwords to derive plaintext through dictionary or brute-force attacks. Public exploit code exists (POC available) with EPSS indicating low probability of widespread exploitation (3.7 CVSS, AC:H). Vendor has not responded to responsible disclosure as of analysis date.

Information Disclosure Java
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-9290 MEDIUM This Month

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values.

Information Disclosure Eap100 Bridge Kit Firmware Er605 Firmware Eap723 Firmware Eap215 Bridge Kit Firmware +52
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-13951 MEDIUM This Month

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.2%
CVE-2024-38881 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22599 CRITICAL Act Now

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2020-28214 MEDIUM This Month

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2018-5552 LOW POC Monitor

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Dtisqlinstaller
NVD
CVSS 3.0
3.3
EPSS
0.2%
EPSS 0% CVSS 4.9
MEDIUM This Month

Weak password hashing in Siemens SINEC INS (all versions prior to V1.0 SP2 Update 6) exposes stored credentials to efficient offline recovery due to a static, hardcoded salt shared universally across all users and installations, combined with an insufficient iteration count. An attacker who has obtained high-privileged local access and can extract the password store can leverage the known static salt to construct targeted rainbow tables or run accelerated brute-force attacks, potentially recovering plaintext passwords and achieving unauthorized access to the application and downstream industrial network infrastructure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the cryptographic weakness is deterministic - once hashes are obtained, the static salt eliminates per-user uniqueness and dramatically reduces attack cost.

Authentication Bypass Sinec Ins
NVD VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Cryptographic salt generation in Jasypt Spring Boot library (versions ≤3.0.5 and ≤4.0.4) uses predictable values, enabling offline password cracking attacks against encrypted configuration properties. The SimpleGCMConfig class's getSecretKeySaltGenerator function generates salts without sufficient entropy, reducing the computational cost for attackers who obtain encrypted passwords to derive plaintext through dictionary or brute-force attacks. Public exploit code exists (POC available) with EPSS indicating low probability of widespread exploitation (3.7 CVSS, AC:H). Vendor has not responded to responsible disclosure as of analysis date.

Information Disclosure Java
NVD VulDB GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values.

Information Disclosure Eap100 Bridge Kit Firmware Er605 Firmware +54
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inrouter302 Firmware Inrouter615 S Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
EPSS 0% CVSS 3.3
LOW POC Monitor

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Dtisqlinstaller
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy