
CWE-328 (Reversible One-Way Hash) — Vulnerability Class (49 CVEs)

49 vulnerabilities classified as CWE-328 (Reversible One-Way Hash). AI-generated Chinese analysis included.

CWE-328 covers hash algorithms that no longer meet the security expectations of a cryptographic hash: an attacker can find a preimage, a second preimage, or a collision with less effort than brute force, or the digest is simply cheap enough to brute-force outright. In practice the weakness is exploited by recovering the original input from a digest (a preimage or dictionary search rather than a literal reversal, since the function is still one-way) or by generating colliding inputs to defeat an integrity or authentication check, so both confidentiality and integrity are at risk. It typically arises when legacy or intentionally fast algorithms such as MD5 or SHA-1 are used for security-critical tasks: password storage, code signing and digital signatures, or deriving cache and job keys from attacker-influenced data, where a practical collision attack directly undermines the check. For integrity and signatures, migrate to a collision-resistant digest such as SHA-256 or SHA-3. For password storage, a fast digest such as SHA-256 is still insufficient on its own: use a per-user random salt, which defeats precomputed (rainbow) tables by making identical passwords produce distinct digests, together with an adaptive, deliberately slow function (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) so that brute-force guessing stays expensive.

MITRE CWE Description
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:
- The algorithm is not invertible (also called "one-way" or "not reversible")
- The algorithm is deterministic; the same input produces the same digest every time

Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:
- the original input (preimage attack), given only the digest
- another input that can produce the same digest (2nd preimage attack), given the original input
- a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times

What is regarded as "reasonable" varies by context and threat model, but in general, "reasonable" could cover any attack that is more efficient than brute force (i.e., on average, attempting half of all possible combinations). Note that some attacks might be more efficient t…
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For ex…
Effectiveness: High
Examples (2)
In both of these examples, a user is logged in if their given password matches a stored password:
unsigned char *check_passwd(char *plaintext) {
    unsigned char *ctext;
    /* One fast, unsalted SHA-1 pass over the password: cheap to brute-force,
       and every user with the same password ends up with the same digest */
    ctext = simple_digest("sha1", plaintext, strlen(plaintext), ... );
    // Login if hash matches stored hash
    if (equal(ctext, secret_password())) {
        login_user();
    }
}
Bad · C
String plainText = new String(plainTextIn);
// In the JDK the algorithm name "SHA" resolves to SHA-1: a single fast, unsalted pass
MessageDigest encer = MessageDigest.getInstance("SHA");
encer.update(plainTextIn);
byte[] digest = encer.digest();   // the CWE listing reads password.digest(); encer is the digest object
// Login if hash matches stored hash
if (equal(digest, secret_password())) {
    login_user();
}
Bad · Java
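Both CWE examples above share one defect: a single fast, unsalted digest per password, so one precomputed table cracks every account at once, and the mitigation above (an adaptive, salted function) is what removes that property. The following Python example is added here for illustration; it is not code from the page, from MITRE's CWE entry, or from any product in the CVE list. It places the weak pattern beside a hardened version built on hashlib.pbkdf2_hmac with a random per-user salt, a work factor, and a constant-time compare, then runs a constructed five-word wordlist against both. The 600,000-iteration default (OWASP's published guidance for PBKDF2-HMAC-SHA256), the wordlist, and the sample users are assumptions; the CVE-2023-46233 entry below shows what happens when a library quietly defaults to one iteration.

```python
import hashlib
import hmac
import os

# ---- Vulnerable pattern, mirroring the C and Java examples above ----
# One fast, unsalted SHA-1 pass: every user with the same password gets the
# same digest, and a digest precomputed once cracks all of them.

def weak_hash(password: str) -> bytes:
    return hashlib.sha1(password.encode("utf-8")).digest()

def weak_check(password: str, stored_digest: bytes) -> bool:
    # Also a non-constant-time compare; kept this way to mirror the bad examples.
    return weak_hash(password) == stored_digest

# ---- Hardened pattern: random per-user salt + stretched PBKDF2-HMAC-SHA256 ----
# Assumption: 600,000 iterations, the OWASP recommendation for PBKDF2-HMAC-SHA256.
# With iterations=1 the "stretching" collapses back to a single fast hash.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16

def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def strong_check(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])

# ---- Demonstration of why the difference matters ----
# Constructed sample wordlist; a real attacker would use billions of entries.
WORDLIST = ["password", "123456", "letmein", "qwerty", "hunter2"]

def build_lookup_table(wordlist) -> dict:
    # Computed once, reusable against every unsalted SHA-1 database anywhere.
    return {weak_hash(w): w for w in wordlist}

def crack_unsalted(stored_digests, table) -> dict:
    # Cost: one dictionary lookup per stored digest, no hashing at attack time.
    return {d.hex(): table[d] for d in stored_digests if d in table}

def crack_salted(records, wordlist) -> tuple:
    # With a unique salt per record there is nothing to precompute: each guess
    # must be stretched against each record individually. Returns what was
    # found and how many PBKDF2 evaluations the attacker had to pay for.
    found, work = {}, 0
    for idx, rec in enumerate(records):
        for w in wordlist:
            work += 1
            if strong_check(w, rec):
                found[idx] = w
                break
    return found, work

if __name__ == "__main__":
    # Constructed sample users: two chose the same weak password, one a strong one.
    users = [("alice", "letmein"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3-staples")]

    unsalted_db = [weak_hash(pw) for _, pw in users]
    print("unsalted digests identical for alice/bob:", unsalted_db[0] == unsalted_db[1])
    print("cracked via precomputed table:",
          crack_unsalted(unsalted_db, build_lookup_table(WORDLIST)))

    # Low iteration count here only so the demo finishes quickly; keep the default in production.
    salted_db = [make_record(pw, iterations=10_000) for _, pw in users]
    print("salted digests identical for alice/bob:",
          salted_db[0]["digest"] == salted_db[1]["digest"])
    found, work = crack_salted(salted_db, WORDLIST)
    print("cracked salted:", found, "after", work, "PBKDF2 evaluations")
```

The salt does not stop a dictionary attack against a weak password; it removes the one-table-cracks-everyone economy, and the iteration count then sets the price per guess. In a real deployment store the iteration count alongside the salt, as the record above does, so it can be raised later without breaking existing logins.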
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-56414 | Acronis Cyber Protect security vulnerability | Acronis Cyber Protect 16 | 7.7 | - | 2025-01-02
CVE-2024-56516 | free-one-api uses md5 for password storage | free-one-api | 9.8 | - | 2024-12-30
CVE-2024-55885 | Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames | beego | 9.1 | - | 2024-12-12
CVE-2024-54143 | openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection | asu | 8.8 | - | 2024-12-06
CVE-2024-48847 | MD5 bypass operation | ASPECT-Enterprise | 8.2 | High | 2024-12-05
CVE-2024-52521 | Nextcloud Server has a potential hash collision for background jobs could skip queuing them | security-advisories | 2.6 | Low | 2024-11-15
CVE-2024-48924 | MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow | MessagePack-CSharp | 7.5 (AI-assessed) | High (AI-assessed) | 2024-10-17
CVE-2024-8453 | PLANET Technology switch devices - Weak hash for users' passwords | GS-4210-24PL4C hardware 2.0 | 4.9 | Medium | 2024-09-30
CVE-2024-47182 | Dozzle uses unsafe hash for passwords | dozzle | 4.8 | Medium | 2024-09-27
CVE-2023-5962 | ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability | ioLogik E1200 Series | 6.5 | Medium | 2023-12-23
CVE-2023-44319 | Siemens multiple products security vulnerability | RUGGEDCOM RM1224 LTE(4G) EU | 4.9 | Medium | 2023-11-14
CVE-2023-46233 | crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard | crypto-js | 9.1 | Critical | 2023-10-25
CVE-2023-46133 | crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard | crypto-es | 9.1 | Critical | 2023-10-25
CVE-2023-2900 | NFine Rapid Development Platform CheckLogin weak hash | Rapid Development Platform | 3.7 | Low | 2023-05-25
CVE-2022-45141 | Samba cryptographic issue vulnerability | Samba | 8.8 | - | 2023-03-06
CVE-2023-0452 | Econolite EOS traffic control software cryptographic issue vulnerability | EOS | 9.8 | Critical | 2023-01-26
CVE-2022-3433 | aeson cryptographic issue vulnerability | aeson | 6.5 | - | 2022-10-10
CVE-2022-29835 | WD Discovery's Use of Weak Hashing Algorithm for Code Signing | WD Discovery | 5.3 | Medium | 2022-09-19
CVE-2019-13539 | Medtronic Valleylab FT10 and FX8 Reversible One-way Hash | Valleylab Exchange Client | 7.0 | High | 2019-11-08

Vulnerabilities classified as CWE-328 (Reversible One-Way Hash) account for 49 CVEs; the table above lists a subset. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.