According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis Binary Weakness Analysis - including disassembler + source code weakness analysis
CWE-916 Base Incomplete
Use of Password Hash With Insufficient Computational Effort
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the…
Definition
What is CWE-916?
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the stored password hashes using brute-force methods.
Storing password hashes instead of plaintext passwords is a fundamental security practice, but not all hashes are created equal. Fast, efficient cryptographic hashes like MD5 or SHA-1 are designed for speed, which becomes a major weakness for password storage. If an attacker steals these hashes (e.g., via a database breach), they can use powerful, parallel computing (like GPUs or cloud clusters) to test billions of password guesses per second, rapidly recovering user credentials. To resist these attacks, a password hashing scheme must be deliberately slow, memory-intensive, and include a unique salt for each password.
Effective password hashing requires a combination of computational cost (key stretching), memory-hard operations, and salting to significantly slow down an attacker's offline cracking attempts. While SAST tools can detect the use of weak hash functions, Plexicus uses AI to analyze your codebase for these patterns and provides automated, context-aware remediation guidance, helping you upgrade to robust algorithms like Argon2, bcrypt, or scrypt efficiently. This shifts the security balance, making cracking attempts prohibitively expensive and time-consuming for attackers.
Real-world impact
Real-world CVEs caused by CWE-916
-
Router does not use a salt with a hash, making it easier to crack passwords.
-
Router does not use a salt with a hash, making it easier to crack passwords.
-
Blogging software uses a hard-coded salt when calculating a password hash.
-
Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.
-
Server uses a constant salt when encrypting passwords, simplifying brute force attacks.
-
chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.
How attackers exploit it
Step-by-step attacker path
- 1
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
- 2
While it is good to avoid storing a cleartext password, the program does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.
- 3
Fixing this is as simple as providing a salt to the hashing function on initialization:
- 4
Note that regardless of the usage of a salt, the md5 hash is no longer considered secure, so this example still exhibits CWE-327.
Vulnerable code example
Vulnerable Python
In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database.
def storePassword(userName,Password):
hasher = hashlib.new('md5')
hasher.update(Password)
hashedPassword = hasher.digest()
```
# UpdateUserLogin returns True on success, False otherwise*
return updateUserLogin(userName,hashedPassword) Secure code example
Secure Python
Fixing this is as simple as providing a salt to the hashing function on initialization:
def storePassword(userName,Password):
hasher = hashlib.new('md5',b'SaltGoesHere')
hasher.update(Password)
hashedPassword = hasher.digest()
```
# UpdateUserLogin returns True on success, False otherwise*
return updateUserLogin(userName,hashedPassword) What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-916
- Architecture and Design Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use. Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead. Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
- Implementation / Architecture and Design When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Detection signals
How to detect CWE-916
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Configuration Checker
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Formal Methods / Correct-By-Construction ``` Cost effective for partial coverage: ``` Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Plexicus auto-detects CWE-916 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-916?
How serious is CWE-916?
What languages or platforms are affected by CWE-916?
How can I prevent CWE-916?
How does Plexicus detect and fix CWE-916?
Where can I learn more about CWE-916?
Frequently asked questions
What is CWE-916?
This vulnerability occurs when a system protects passwords by hashing them, but uses a hashing algorithm that is too fast or computationally cheap. This makes it easy for attackers to crack the stored password hashes using brute-force methods.
How serious is CWE-916?
MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.
What languages or platforms are affected by CWE-916?
MITRE has not specified affected platforms for this CWE — it can apply across most application stacks.
How can I prevent CWE-916?
Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally,…
How does Plexicus detect and fix CWE-916?
Plexicus's SAST engine matches the data-flow signature for CWE-916 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-916?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/916.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-916
CWE-328 Parent
Use of Weak Hash
This vulnerability occurs when software uses a hashing algorithm that is cryptographically weak, allowing attackers to feasibly reverse…
CWE-759 Child
Use of a One-Way Hash without a Salt
This vulnerability occurs when a system uses a one-way hash function (like MD5 or SHA-256) to protect sensitive data like passwords, but…
CWE-760 Child
Use of a One-Way Hash with a Predictable Salt
This vulnerability occurs when an application uses a one-way hash (like for password storage) but combines it with a predictable or easily…
Resources
Further reading
- MITRE — official CWE-916 https://cwe.mitre.org/data/definitions/916.html
- bcrypt https://bcrypt.sourceforge.net/
- Tarsnap - The scrypt key derivation function and encryption utility http://www.tarsnap.com/scrypt.html
- RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0 https://www.rfc-editor.org/rfc/rfc2898
- How To Safely Store A Password https://codahale.com/how-to-safely-store-a-password/
- How Companies Can Beef Up Password Security (interview with Thomas H. Ptacek) https://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/
- Password security: past, present, future https://www.openwall.com/presentations/PHDays2012-Password-Security/
Ready when you are
Don't Let Security
Weigh You Down.
Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.