CWE-760 10 個 CVE MITRE 定義 ↗

CWE-760:Use of a One-Way Hash with a Predictable Salt

概覽

CWE-760(Use of a One-Way Hash with a Predictable Salt)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.

背景詳情

來自 CWE 目錄的擴展上下文(由 MITRE XHTML 渲染)。

In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-46749 2026-06-09 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all use…
CVE-2026-9370 2026-05-24 A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/j…
CVE-2025-9290 2026-01-22 An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network…
CVE-2024-13951 2025-05-22 One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRI…
CVE-2025-26486 2025-03-19 Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life …
CVE-2024-38881 2024-08-02 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to th…
CVE-2023-22599 2023-01-12 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Sa…
CVE-2021-38314 2021-09-02 The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux…
CVE-2020-28214 2020-12-10 A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionar…
CVE-2018-5552 2018-03-19 Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2009-03-03
版本
1.3

內容修訂

日期 名稱 版本 重要性 評論
2009-10-29 CWE Content Team 1.6 updated Observed_Examples, Relationships
2010-02-16 CWE Content Team 1.8 updated References
2011-03-29 CWE Content Team 1.12 updated Observed_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations, References
2013-02-21 CWE Content Team 2.4 updated Description, Potential_Mitigations, References, Relationships, Type
2014-02-18 CWE Content Team 2.6 updated Potential_Mitigations, References
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Modes_of_Introduction, References, Relationships
2018-03-27 CWE Content Team 3.1 updated References
2019-06-20 CWE Content Team 3.3 updated Type
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-07-20 CWE Content Team 4.5 updated Maintenance_Notes
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence