CWE-836 - Use of Password Hash Instead of Password for Authentication

Description

The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.






Latest vulnerabilities for CWE-836

References

Description of CWE-836 on Mitre website