Description
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CVE vulnerabilities with CWE-257 (64)
9.1
CVSS
CRITICAL
CVE-2025-8095
pub. 2026-04-14
9.0
CVSS
CRITICAL
CVE-2025-8904
pub. 2025-08-13
8.6
CVSS
HIGH
CVE-2016-15058
pub. 2026-04-03
8.4
CVSS
HIGH
CVE-2025-34180
pub. 2025-12-15
8.4
CVSS
HIGH
CVE-2025-6995
pub. 2025-07-08
8.4
CVSS
HIGH
CVE-2025-6996
pub. 2025-07-08
8.2
CVSS
HIGH
CVE-2026-30785
pub. 2026-03-05
8.1
CVSS
HIGH
CVE-2022-34838
pub. 2022-08-24
8.0
CVSS
HIGH
CVE-2023-31150
pub. 2023-05-10
8.0
CVSS
HIGH
CVE-2022-32519
pub. 2023-01-30
7.8
CVSS
HIGH
CVE-2023-21726
pub. 2023-01-10
7.8
CVSS
HIGH
CVE-2022-22251
pub. 2022-10-18
7.8
CVSS
HIGH
CVE-2017-9942
pub. 2017-08-08
7.7
CVSS
HIGH
CVE-2024-8774
pub. 2025-03-24
7.5
CVSS
HIGH
CVE-2026-20128
pub. 2026-02-25🚩 CISA KEV⚡ EXPLOIT
7.5
CVSS
HIGH
CVE-2025-0280
pub. 2025-09-03
7.5
CVSS
HIGH
CVE-2024-1480
pub. 2024-04-19
7.5
CVSS
HIGH
CVE-2023-5627
pub. 2023-11-01
7.5
CVSS
HIGH
CVE-2021-27485
pub. 2021-06-16
7.3
CVSS
HIGH
CVE-2022-47376
pub. 2023-06-13
Showing 20 of 64 vulnerabilities