CWE-257 以可恢复格式存储口令 类弱点 59 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-257指以可恢复格式存储密码的漏洞,属于数据保护缺陷。攻击者或恶意内部人员可利用系统管理员的恢复权限,直接获取明文密码,从而实施凭证重用攻击,危害远超普通明文存储。开发者应避免实现密码恢复功能,改为强制重置机制,并使用不可逆的单向哈希算法加盐存储密码,确保即使数据库泄露,攻击者也无法还原原始凭证。
int VerifyAdmin(char *password) { if (strcmp(compress(password), compressed_password)) { printf("Incorrect Password!\n"); return(0); } printf("Entering Diagnostic Mode...\n"); return(1); }int VerifyAdmin(String password) { if (passwd.Equals(compress(password), compressed_password)) { return(0); } //Diagnostic Mode return(1); }# Java Web App ResourceBundle properties file ... webapp.ldap.username=secretUsername webapp.ldap.password=secretPassword ...... <connectionStrings> <add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;" providerName="System.Data.Odbc" /> </connectionStrings> ...| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-22574 | Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 安全漏洞 — FortiSOAR PaaS | 4.1 | Medium | 2026-04-14 |
| CVE-2026-22576 | Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 安全漏洞 — FortiSOAR PaaS | 4.1 | Medium | 2026-04-14 |
| CVE-2025-8095 | Progress OpenEdge 安全漏洞 — OpenEdge | 8.1 | - | 2026-04-14 |
| CVE-2016-15058 | Belden多款产品 安全漏洞 — Hirschmann HiLCOS Classic Platform | 8.1 | High | 2026-04-03 |
| CVE-2026-22614 | Eaton Easysoft 安全漏洞 — EasySoft | 6.1 | Medium | 2026-03-10 |
| CVE-2026-30785 | RustDesk 安全漏洞 — RustDesk Client | 6.2 | - | 2026-03-05 |
| CVE-2026-20128 | Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 安全漏洞 — Cisco Catalyst SD-WAN Manager | 7.5 | High | 2026-02-25 |
| CVE-2025-57796 | Explorance Blue 安全漏洞 — Blue | 7.5AI | HighAI | 2026-01-28 |
| CVE-2025-14295 | Carrier i-Vu和Carrier Automated Logic WebCTRL 安全漏洞 — WebCTRL | 8.1AI | HighAI | 2026-01-22 |
| CVE-2025-8307 | Asseco InfoMedica 安全漏洞 — InfoMedica Plus | 6.5 | - | 2026-01-08 |
| CVE-2025-34180 | NetSupport Manager 安全漏洞 — Manager | 9.8AI | CriticalAI | 2025-12-15 |
| CVE-2025-40774 | Siemens SiPass Integrated 安全漏洞 — SiPass integrated | 4.4 | Medium | 2025-10-14 |
| CVE-2025-0280 | HCL Compass 安全漏洞 — Compass | 7.5 | High | 2025-09-03 |
| CVE-2025-57789 | Commvault 安全漏洞 — CommCell | 8.1 | - | 2025-08-20 |
| CVE-2025-8904 | Amazon EMR 安全漏洞 — EMR | 8.5 | High | 2025-08-13 |
| CVE-2025-44958 | RUCKUS Network Director 安全漏洞 — Network Director | 5.3 | Medium | 2025-08-04 |
| CVE-2025-6996 | Ivanti Endpoint Manager 安全漏洞 — Endpoint Manager | 8.4 | High | 2025-07-08 |
| CVE-2025-6995 | Ivanti Endpoint Manager 安全漏洞 — Endpoint Manager | 8.4 | High | 2025-07-08 |
| CVE-2025-27459 | Endress+Hauser MEAC300-FNADE4 安全漏洞 — Endress+Hauser MEAC300-FNADE4 | 4.4 | Medium | 2025-07-03 |
| CVE-2024-51552 | ABB多款产品 安全漏洞 — ASPECT-Enterprise | 6.0 | Medium | 2025-05-22 |
| CVE-2024-32122 | Fortinet FortiOS 安全漏洞 — FortiOS | 2.1 | Low | 2025-04-08 |
| CVE-2025-24852 | Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞 — CHOCO TEI WATCHER mini (IB-MCT001) | 4.6 | Medium | 2025-03-31 |
| CVE-2024-8774 | SIMPLE.ERP 安全漏洞 — SIMPLE.ERP | 8.8AI | HighAI | 2025-03-24 |
| CVE-2024-32151 | Sharp MFP 安全漏洞 — Multiple MFPs (multifunction printers) | 5.9 | Medium | 2024-11-26 |
| CVE-2024-20462 | Cisco ATA 190 安全漏洞 — Cisco Analog Telephone Adaptor (ATA) Software | 5.5 | Medium | 2024-10-16 |
| CVE-2024-45744 | TopQuadrant TopBraid EDG 安全漏洞 — TopBraid EDG | 3.0 | Low | 2024-09-27 |
| CVE-2024-6694 | WordPress plugin WP Mail SMTP 安全漏洞 — WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | 2.7 | Low | 2024-07-20 |
| CVE-2024-32932 | Johnson Controls Illustra Essentials Gen 4 安全漏洞 — American Dynamics Illustra Essentials Gen 4 | 6.8 | Medium | 2024-07-02 |
| CVE-2024-32756 | Johnson Controls Illustra Essentials Gen 4 安全漏洞 — American Dynamics Illustra Essentials Gen 4 | 6.8 | Medium | 2024-07-02 |
| CVE-2024-3073 | WordPress plugin Easy WP SMTP by SendLayer 安全漏洞 — Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 2.7 | Low | 2024-06-13 |
CWE-257(以可恢复格式存储口令) 是常见的弱点类别,本平台收录该类弱点关联的 59 条 CVE 漏洞。