CWE-916: Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Last updated
Overview
Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash. Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker's workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker. There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack: The amount of CPU time required to compute the hash ("stretching") The amount of memory required to compute the hash ("memory-hard" operations) Including a random value, along with the password, as input to the hash computation ("salting") Given a hash, there is no known way of determining an input (e.g., a password) that produces this hash value, other than by guessing possible inputs ("one-way" hashing) Relative to the number of all possible hashes that can be generated by the scheme, there is a low likelihood of producing the same hash for multiple different inputs ("collision resistance") Note that the security requirements for the product may vary depending on the environment and the value of the passwords. Different schemes might not provide all of these properties, yet may still provide sufficient security for the environment. Conversely, a solution might be very strong in preserving one property, which still being very weak for an attack against another property, or it might not be able to significantly reduce the efficiency of a massively-parallel attack.
Real-world CVEs
62 recorded CVEs are caused by CWE-916 (Use of Password Hash With Insufficient Computational Effort). The highest-severity and most recent are shown first. 9 new CWE-916 CVEs have been recorded so far in 2026 (9 in 2025).
- CVE-2020-14516Critical · CVSS 10.0 · EPSS 90th2021-03-18
- CVE-2025-3937
Use of Password Hash with Insufficient Computational Effort
Critical · CVSS 9.8 · EPSS 24th2025-05-22 - CVE-2024-5743Critical · CVSS 9.8 · EPSS 29th2025-01-13
- CVE-2023-5846
Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550
Critical · CVSS 9.8 · EPSS 20th2023-11-02 - CVE-2023-34433Critical · CVSS 9.8 · EPSS 33th2023-07-06
- CVE-2021-32519
QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort
Critical · CVSS 9.8 · EPSS 54th2021-07-07 - CVE-2018-10618Critical · CVSS 9.8 · EPSS 95th2018-08-01
- CVE-2023-46133Critical · CVSS 9.1 · EPSS 36th2023-10-25
- CVE-2020-16231High · CVSS 8.8 · EPSS 53th2022-05-19
- CVE-2026-55069
Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack
High · CVSS 8.7 · EPSS 5th2026-06-26 - CVE-2026-25861
QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php
High · CVSS 8.2 · EPSS 8th2026-06-02 - CVE-2026-30785
RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)
High · CVSS 8.2 · EPSS 0th2026-03-05
Showing 12 of 62 recorded CWE-916 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-916 vulnerabilitiesCommon consequences
What can happen when CWE-916 is exploited.
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Affects: Access Control
If an attacker can gain access to the hashes, then the lack of sufficient computational effort will make it easier to conduct brute force attacks using techniques such as rainbow tables, or specialized hardware such as GPUs, which can be much faster than general-purpose CPUs for computing hashes.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-916, grouped by where in the lifecycle they apply.
Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Effectiveness: High
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
How to detect it
Automated Static Analysis - Binary or Bytecode
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Manual Static Analysis - Binary or Bytecode
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Manual Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Automated Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Automated Static Analysis
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Architecture or Design Review
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
Vulnerable example
def storePassword(userName,Password):Safe example
def storePassword(userName,Password):Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2008-1526 — Router does not use a salt with a hash, making it easier to crack passwords.
- CVE-2006-1058 — Router does not use a salt with a hash, making it easier to crack passwords.
- CVE-2008-4905 — Blogging software uses a hard-coded salt when calculating a password hash.
- CVE-2002-1657 — Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.
- CVE-2001-0967 — Server uses a constant salt when encrypting passwords, simplifying brute force attacks.
- CVE-2005-0408 — chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-916.
- What is CWE-916?
- The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
- What CVEs are caused by CWE-916?
- 62 recorded CVEs are attributed to CWE-916, including CVE-2020-14516, CVE-2025-3937, CVE-2024-5743.
- How do you prevent CWE-916?
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- How is CWE-916 detected?
- Automated Static Analysis - Binary or Bytecode: According to SOAR [REF-1479], the following detection techniques may be useful:
- What are the consequences of CWE-916?
- Exploiting CWE-916 can lead to: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
- Is CWE-916 actively exploited?
- 62 recorded CVEs are caused by CWE-916; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-916) (opens in a new tab)
- CWE-916 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-916
Get alerted the moment a new CWE-916 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.