CWE-836
Use of Password Hash Instead of Password for Authentication
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
Official CWE-836 definition at MITREImpactr finds and proves weaknesses like CWE-836 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist