BaseDraft

CWE-328Use of Weak Hash

Category: other

Description

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Common consequences· 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations· 1

  • [Architecture and Design]

Related CAPEC attack patterns· 2

CAPEC-461CAPEC-68

References

  1. https://cwe.mitre.org/data/definitions/328.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternWeb Services API Signature Forgery Leveraging Hash Function Extension Weaknesscapec-461100%live
AttackPatternSubvert Code-signing Facilitiescapec-68100%live

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-27595cve-2025-275950%live
VulnerabilityCVE-2025-41652cve-2025-416520%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of Password Hash With Insufficient Computational Effort
CWE
Use of a Broken or Risky Cryptographic Algorithm
CWE
Use of a One-Way Hash with a Predictable Salt
CWE
Use of Insufficiently Random Values
CWE
Use of a Cryptographic Primitive with a Risky Implementation
CWE
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.