CWE-836 (Use of Password Hash Instead of Password for Authentication) — Vulnerability Class 12

12 vulnerabilities classified as CWE-836 (Use of Password Hash Instead of Password for Authentication). AI Chinese analysis included.

CWE-836 represents a critical authentication weakness where systems compare password hashes directly rather than verifying the original plaintext password. This flaw typically arises when clients generate password hashes locally to reduce server load or avoid transmitting sensitive data over the network. Attackers exploit this by capturing the transmitted hash, which serves as a static credential equivalent to the password itself. Since the hash remains constant, adversaries can replay it to gain unauthorized access without ever needing to crack the underlying password. To prevent this vulnerability, developers must ensure that authentication mechanisms require the transmission of the original plaintext password, which is then hashed and compared securely on the server side. This approach ensures that intercepted data cannot be reused for subsequent login attempts, thereby maintaining robust identity verification.

MITRE CWE Description
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. Some authentication mechanisms rely on the client to generate the hash for a password, possibly to reduce load on the server or avoid sending the password across the network. However, when the client is used to generate the hash, an attacker can bypass the authentication by obtaining a copy of the hash, e.g. by using SQL injection to compromise a database of authentication credentials, or by exploiting an information exposure. The attacker could then use a modified client to replay the stolen hash without having knowledge of the original password. As a result, the server-side comparison against a client-side hash does not provide any more security than the use of passwords without hashing.
Common Consequences (1)
Access Control: Bypass Protection Mechanism; Gain Privileges or Assume Identity
An attacker could bypass the authentication routine without knowing the original password.
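
The difference between comparing a client-supplied hash and hashing on the server, shown as an added example (not code from MITRE or from any product listed on this page). The function names, the user `alice`, the sample password and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed sample credential and illustrative KDF cost (assumptions).
PASSWORD = "correct horse battery staple"
ITERATIONS = 600_000

def client_hash(password: str) -> str:
    """What a CWE-836 client transmits in place of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

# Vulnerable store: holds exactly the value the client transmits.
WEAK_DB = {"alice": client_hash(PASSWORD)}

def weak_login(user: str, supplied_hash: str) -> bool:
    """CWE-836: compares a client-supplied hash with the stored hash."""
    stored = WEAK_DB.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), supplied_hash.encode())

def derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def enroll(password: str) -> tuple[bytes, bytes]:
    """Server-side enrollment: per-user random salt plus a slow KDF."""
    salt = os.urandom(16)
    return salt, derive(password, salt)

STRONG_DB = {"alice": enroll(PASSWORD)}

def strong_login(user: str, supplied_secret: str) -> bool:
    """The server derives the verifier itself from whatever the client sent."""
    record = STRONG_DB.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, derive(supplied_secret, salt))

def stored_value_is_credential() -> dict:
    """Does a value read straight out of each store authenticate by itself?"""
    return {
        "weak": weak_login("alice", WEAK_DB["alice"]),
        "strong": strong_login("alice", STRONG_DB["alice"][1].hex()),
        "legit": strong_login("alice", PASSWORD),
    }

if __name__ == "__main__":
    print(stored_value_is_credential())
```

In the weak design the stored value is the credential, so a disclosed record is sufficient to log in; in the server-side design the stored verifier is rehashed on submission and no longer matches.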
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40103 | Vikunja's Scoped API tokens with projects.background permission can delete project backgrounds — vikunja | 4.3 | Medium | 2026-04-10 |
| CVE-2019-25552 | CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field — CEWE PHOTO SHOW | 7.5 | High | 2026-03-21 |
| CVE-2025-64471 | Fortinet FortiWeb security vulnerability — FortiWeb | 4.4 | Medium | 2025-12-09 |
| CVE-2025-52543 | Login to the application services using only the password hash — E3 Supervisory Control | 9.8 (AI) | Critical (AI) | 2025-09-02 |
| CVE-2025-48925 | TeleMessage security vulnerability — service | 4.3 | Medium | 2025-05-28 |
| CVE-2023-39546 | NEC Expresscluster X security vulnerability — CLUSTERPRO X (EXPRESSCLUSTER X) | 8.8 | - | 2023-11-17 |
| CVE-2023-4299 | Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication — Digi RealPort | 9.0 | Critical | 2023-08-31 |
| CVE-2023-34132 | SonicWALL Analytics and GMS security vulnerability — GMS | 9.1 | - | 2023-07-13 |
| CVE-2023-23450 | SICK FTMg authorization issue vulnerability — SICK FTMG-ESD15AXX AIR FLOW SENSOR | 6.2 | Medium | 2023-05-15 |
| CVE-2022-32282 | WWBN AVideo authorization issue vulnerability — AVideo | 8.8 | - | 2022-08-22 |
| CVE-2021-23857 | Login with hash — IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC | 10.0 | Critical | 2021-10-04 |
| CVE-2017-7927 | Multiple Dahua products security vulnerability — Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras | 9.4 | - | 2017-05-06 |

Vulnerabilities classified as CWE-836 (Use of Password Hash Instead of Password for Authentication) represent 12 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.