Weaknesses of type CWE-836
14 resultsCVE-2017-7927—A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-EPSS 36.7%CVE-2023-34132—Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This EPSS 6.5%CVE-2022-32282HIGHAn improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a useEPSS 1.6%CVE-2021-23857CRITICALLogin with hashEPSS 1.2%CVE-2023-23614HIGHImproper session handling of "Remember me for 7 days" functionalityEPSS 1.0%CVE-2023-23450MEDIUMUse of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114EPSS 0.7%CVE-2023-39546—CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleEPSS 0.6%CVE-2023-4299CRITICALDigi RealPort Protocol Use of Password Hash Instead of Password for AuthenticationEPSS 0.5%CVE-2019-25552HIGHCEWE PHOTO SHOW 6.4.3 Denial of Service via Password FieldEPSS 0.4%CVE-2025-64471MEDIUMA use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1EPSS 0.3%CVE-2025-52543MEDIUMLogin to the application services using only the password hashEPSS 0.3%CVE-2025-62618HIGHELOG file upload stored XSSEPSS 0.3%CVE-2025-48925MEDIUMThe TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash asEPSS 0.2%CVE-2026-40103MEDIUMVikunja's Scoped API tokens with projects.background permission can delete project backgroundsEPSS 0.2%