CWE-257Storing Passwords in a Recoverable Format

Abstraction: Base · CVEs in our corpus: 64

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2026-20128` KEV	3.5	7.5	0.0004	2026-02-25
`CVE-2025-6995`	1.7	8.4	0.0009	2025-07-08
`CVE-2025-6996`	1.7	8.4	0.0009	2025-07-08
`CVE-2025-8904`	1.7	8.5	0.0006	2025-08-13
`CVE-2017-9942`	1.6	7.8	0.0005	2017-08-08
`CVE-2022-34838`	1.6	8.1	0.0005	2022-08-24
`CVE-2022-22251`	1.6	7.8	0.0007	2022-10-18
`CVE-2023-21726`	1.6	7.8	0.0018	2023-01-10
`CVE-2022-32519`	1.6	8.0	0.0038	2023-01-30
`CVE-2023-31150`	1.6	8.0	0.0015	2023-05-10
`CVE-2016-15058`	1.6	8.1	0.0000	2026-04-03
`CVE-2021-27485`	1.5	7.5	0.0020	2021-06-16
`CVE-2022-47376`	1.5	7.3	0.0004	2023-06-13
`CVE-2023-5627`	1.5	7.5	0.0008	2023-11-01
`CVE-2024-1480`	1.5	7.5	0.0011	2024-04-19
`CVE-2025-57789`	1.5	5.4	0.0654	2025-08-20
`CVE-2025-0280`	1.5	7.5	0.0001	2025-09-03
`CVE-2019-3736`	1.4	7.2	0.0007	2019-09-27
`CVE-2021-0220`	1.4	6.8	0.0027	2021-01-15
`CVE-2020-8296`	1.4	6.7	0.0063	2021-03-03
`CVE-2023-23382`	1.4	6.5	0.0165	2023-02-14
`CVE-2023-38738`	1.4	6.8	0.0006	2024-01-19
`CVE-2024-32756`	1.4	6.8	0.0009	2024-07-02
`CVE-2024-32932`	1.4	6.8	0.0012	2024-07-02
`CVE-2025-57796`	1.4	6.8	0.0002	2026-01-28