
CWE-328

Use of Weak Hash

Base

What it is

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function, allowing an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:

  1. The algorithm is not invertible (also called "one-way" or "not reversible")
  2. The algorithm is deterministic; the same input produces the same digest every time

Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:

  1. the original input (preimage attack), given only the digest
  2. another input that can produce the same digest (2nd preimage attack), given the original input
  3. a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times

What

Impact

Access Control: Bypass Protection Mechanism

Mitigations

  • [Architecture and Design] Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For
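
The mitigation above, sketched as an added example (not part of the MITRE entry): password storage with PBKDF2-HMAC-SHA256 from Python's standard library, shown beside the unsalted MD5 pattern it replaces. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"  # label used in this example's record format (assumption)
ITERATIONS = 600_000  # assumed work factor; tune to your hardware and login latency budget


def weak_md5(password: str) -> str:
    """The weak pattern: one fast, unsalted MD5 pass (equal passwords, equal digests)."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Stretch with PBKDF2 under a fresh random salt; the record carries its own cost."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    except (ValueError, OverflowError):
        return False  # legacy or malformed record: never treat as a match
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True for legacy digests (e.g. bare MD5 hex) or records below the current cost."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdecimal():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample input
    print(record, verify_password("correct horse battery staple", record))
```

Because each record stores its own iteration count, the work factor can be raised later: after a successful login, a record for which `needs_rehash` returns true is replaced with a fresh `hash_password` result.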

Real-world CVE examples

  • CVE-2022-30320 — Programmable Logic Controller (PLC) uses a protocol with a cryptographically insecure hashing algorithm for passwords.
  • CVE-2005-4900 — SHA-1 algorithm is not collision-resistant.
  • CVE-2020-25685 — DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash.
  • CVE-2012-6707 — blogging product uses MD5-based algorithm for passwords.
  • CVE-2019-14855 — forging of certificate signatures using SHA-1 collisions.
  • CVE-2017-15999 — mobile app for backup sends SHA-1 hash of password in cleartext.
  • CVE-2006-4068 — Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.


Source: MITRE CWE. View on cwe.mitre.org →
