
CWE-328 (Reversible One-Way Hash) — Vulnerability Class 49

49 vulnerabilities classified as CWE-328 (Reversible One-Way Hash). AI Chinese analysis included.

CWE-328 represents a cryptographic weakness where software employs hash algorithms that fail to meet modern security standards, rendering them vulnerable to preimage, second preimage, and birthday attacks. Attackers typically exploit this flaw by reversing the hash to discover original inputs or generating collisions to bypass authentication mechanisms, effectively compromising data integrity and confidentiality. This vulnerability often arises when developers use legacy algorithms like MD5 or SHA-1 for security-critical tasks such as password storage or digital signatures. To mitigate this risk, developers must transition to robust, collision-resistant algorithms such as SHA-256 or SHA-3. Additionally, implementing salted hashing techniques further strengthens security by ensuring identical inputs produce distinct outputs, thereby neutralizing rainbow table attacks and preventing adversaries from easily determining original values through computational brute force.

MITRE CWE Description
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:
- The algorithm is not invertible (also called "one-way" or "not reversible")
- The algorithm is deterministic; the same input produces the same digest every time

Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:
- the original input (preimage attack), given only the digest
- another input that can produce the same digest (2nd preimage attack), given the original input
- a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times

What is regarded as "reasonable" varies by context and threat model, but in general, "reasonable" could cover any attack that is more efficient than brute force (i.e., on average, attempting half of all possible combinations). Note that some attacks might be more efficient t…
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For ex…
Effectiveness: High
Examples (2)
In both of these examples, a user is logged in if their given password matches a stored password:
unsigned char *check_passwd(char *plaintext) {
    ctext = simple_digest("sha1", plaintext, strlen(plaintext), ... );
    //Login if hash matches stored hash
    if (equal(ctext, secret_password())) {
        login_user();
    }
}
Bad · C
String plainText = new String(plainTextIn);
// "SHA" is the JCA alias for SHA-1, which is the weak algorithm this example illustrates
MessageDigest encer = MessageDigest.getInstance("SHA");
encer.update(plainTextIn);
byte[] digest = encer.digest();
//Login if hash matches stored hash
if (equal(digest, secret_password())) {
    login_user();
}
Bad · Java
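Both bad examples share the two defects the mitigation above names: no salt, and a single pass of a fast hash. The Python below is an added example (not MITRE's or this site's code) that places the weak SHA-1 check beside a salted, iterated PBKDF2-HMAC-SHA256 check whose work factor is stored with the record; the iteration count and the record format are assumptions.

```python
import hashlib
import hmac
import os

# Weak form, mirroring the page's C/Java examples: one unsalted, fast SHA-1
# pass over the password, compared against the stored digest.
def weak_store(password: str) -> bytes:
    return hashlib.sha1(password.encode()).digest()

def weak_check(password: str, stored_digest: bytes) -> bool:
    # Plain == is also not constant-time; kept to mirror the originals.
    return weak_store(password) == stored_digest

# Hardened form following the CWE-328 mitigation: a random per-user salt and
# an adaptive, iterated KDF (PBKDF2-HMAC-SHA256 here). The work factor is
# stored in the record so it can be raised later without a flag day.
ITERATIONS = 600_000  # assumption: tune to your hardware and latency budget
SALT_BYTES = 16

def strong_store(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Assumed self-describing record layout: algorithm$iterations$salt$hash (hex)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def strong_check(password: str, record: str) -> bool:
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a stored record falls below the current work-factor policy."""
    algo, iters, *_ = record.split("$")
    return algo != "pbkdf2_sha256" or int(iters) < min_iterations

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Unsalted SHA-1: every user with this password stores the same digest,
    # which is exactly what precomputed-table lookups rely on.
    assert weak_store(pw) == weak_store(pw)
    # Salted KDF: the same password yields different records per user.
    r1, r2 = strong_store(pw), strong_store(pw)
    assert r1 != r2 and strong_check(pw, r1) and strong_check(pw, r2)
    assert not strong_check("wrong", r1)
    print("ok")
```

Raising ITERATIONS later leaves old records verifiable; needs_rehash flags them so they can be re-stored at the next successful login.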
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34527 | Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction | Sandboxie | 8.1 | - | 2026-05-05 |
| CVE-2026-7845 | chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash | Langchain-Chatchat | 2.6 | Low | 2026-05-05 |
| CVE-2026-7103 | code-projects Chat System MD5 Hash update_user.php weak hash | Chat System | 3.7 | Low | 2026-04-27 |
| CVE-2026-40164 | jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed | jq | 7.5 | High | 2026-04-13 |
| CVE-2026-32129 | Poseidon V1 variable-length input collision via implicit zero-padding | rs-soroban-poseidon | 7.5 | High | 2026-03-12 |
| CVE-2025-41762 | Secret leak with wwwdnload.cgi | UBR-01 Mk II | 6.2 | Medium | 2026-03-09 |
| CVE-2026-27754 | SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation | SODOLA SL902-SWTGW124AS | 6.5 | Medium | 2026-02-27 |
| CVE-2025-14636 | Tenda AX9 httpd image_check weak hash | AX9 | 3.7 | Low | 2025-12-13 |
| CVE-2025-11650 | Tomofun Furbo 360/Furbo Mini Password shadow weak hash | Furbo 360 | 1.8 | Low | 2025-10-12 |
| CVE-2025-59354 | Dragonfly has weak integrity checks for downloaded files | dragonfly | 6.5 | Medium | 2025-09-17 |
| CVE-2025-9078 | Weak cache keys lead to post IDOR and link preview poisoning | Mattermost | 4.3 | Medium | 2025-09-15 |
| CVE-2025-55053 | Baicells multiple products security vulnerability | NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846 | 6.5 | Medium | 2025-09-09 |
| CVE-2025-9383 | FNKvision Y215 CCTV Camera passwd crypt weak hash | Y215 CCTV Camera | 2.5 | Low | 2025-08-24 |
| CVE-2025-54535 | JetBrains TeamCity security vulnerability | TeamCity | 5.8 | Medium | 2025-07-28 |
| CVE-2025-8260 | Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash | VaelsysV4 | 3.1 | Low | 2025-07-28 |
| CVE-2025-41256 | Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint | Cyberduck | 7.4 | High | 2025-06-25 |
| CVE-2025-49197 | Deprecated TLS version supported | SICK Media Server | 6.5 | Medium | 2025-06-12 |
| CVE-2024-23589 | HCL Glovius Cloud is susceptible to an Outdated Hash Algorithm vulnerability | HCL Glovius Cloud | 6.8 | Medium | 2025-05-30 |
| CVE-2024-38341 | IBM Sterling Secure Proxy information disclosure | Sterling Secure Proxy | 5.9 | Medium | 2025-05-28 |
| CVE-2025-48931 | TeleMessage security vulnerability | service | 3.2 | Low | 2025-05-28 |
| CVE-2025-41652 | Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches | IE-SW-VL05M-5TX | 9.8 | Critical | 2025-05-27 |
| CVE-2025-47276 | Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i | Actualizer | 7.5 | High | 2025-05-13 |
| CVE-2024-47829 | pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting | pnpm | 6.5 | Medium | 2025-04-23 |
| CVE-2025-3576 | Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions | | 5.9 | Medium | 2025-04-15 |
| CVE-2025-31130 | gitoxide does not detect SHA-1 collision attacks | gitoxide | 6.8 | Medium | 2025-04-04 |
| CVE-2025-2920 | Netis WF-2404 passwd weak hash | WF-2404 | 2.0 | Low | 2025-03-28 |
| CVE-2025-0508 | MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk | aws/sagemaker-python-sdk | 7.5 | - | 2025-03-20 |
| CVE-2025-27595 | Weak hashing alghrythm | SICK DL100-2xxxxxxx | 9.8 | Critical | 2025-03-14 |
| CVE-2024-10026 | Improved Seeding and Hashing In gVisor | gVisor | 5.3 | - | 2025-01-30 |
| CVE-2025-21604 | LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts | langchain4j-aideepin | 8.2 | - | 2025-01-06 |

Vulnerabilities classified as CWE-328 (Reversible One-Way Hash) represent 49 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.