CVE-2023-33838

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-759
View all →

Vulnerability Description

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.

Related Vulnerabilities

CVE-2025-27408

MEDIUM
CVSS:4.8(Medium)

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher ...

CWE-7592025

CVE-2021-21253

MEDIUM
CVSS:5.3(Medium)

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there ...

CWE-7592021

CVE-2020-25164

HIGH
CVSS:7.5(High)

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrati...

CWE-7592020

CVE-2020-16244

HIGH
CVSS:7.2(High)

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts t...

CWE-7592020

CVE-2021-21253

MEDIUM
CVSS:5.3(Medium)

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there ...

CWE-7592021

CVE-2025-27408

MEDIUM
CVSS:4.8(Medium)

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher ...

CWE-7592025