Skip to main content

CWE-836

Use of Password Hash Instead of Password for Authentication

11 CVEs Avg CVSS 7.8 MITRE
3
CRITICAL
5
HIGH
3
MEDIUM
0
LOW
4
POC
0
KEV

Monthly

CVE-2026-9222 CRITICAL Act Now

Authentication bypass in the Setracker2 Android companion app (com.tgelec.setracker) versions 3.1.5 and prior lets an attacker who possesses a user's stored password hash authenticate directly to the backend and gain full account access. Because the backend treats the password hash itself as the secret credential, the hash is password-equivalent and does not need to be cracked back to plaintext. No public exploit identified at time of analysis; the issue was disclosed through CISA/ICS-CERT (advisory VA-26-176-01) and carries a high CVSS 4.0 score of 9.2.

Information Disclosure Google
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2019-25552 HIGH POC This Week

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cewe Photo Show
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-52543 MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48925 MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-39546 HIGH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4299 HIGH This Week

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Realport Connectport Ts 8 16 Firmware Passport Firmware Connectport Lts 8 16 32 Firmware +16
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-34132 CRITICAL POC Emergency

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-23450 MEDIUM This Month

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2022-32282 HIGH POC This Week

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-23857 CRITICAL Act Now

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware Rexroth Indramotion Mlc L25 Firmware Rexroth Indramotion Mlc L45 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 0% CVSS 9.2
CRITICAL Act Now

Authentication bypass in the Setracker2 Android companion app (com.tgelec.setracker) versions 3.1.5 and prior lets an attacker who possesses a user's stored password hash authenticate directly to the backend and gain full account access. Because the backend treats the password hash itself as the secret credential, the hash is password-equivalent and does not need to be cracked back to plaintext. No public exploit identified at time of analysis; the issue was disclosed through CISA/ICS-CERT (advisory VA-26-176-01) and carries a high CVSS 4.0 score of 9.2.

Information Disclosure Google
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cewe Photo Show
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
EPSS 1% CVSS 8.8
HIGH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Expresscluster X Expresscluster X Singleserversafe
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Realport Connectport Ts 8 16 Firmware +18
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Emergency

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonicwall Analytics +1
NVD GitHub
EPSS 1% CVSS 6.2
MEDIUM This Month

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware +5
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy