diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
index 343a073a27b..736fe100c39 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
@@ -2,6 +2,8 @@
  * @name Use of a hash function without a salt
  * @description Hashed passwords without a salt are vulnerable to dictionary attacks.
  * @kind path-problem
+ * @problem.severity warning
+ * @precision low
  * @id java/hash-without-salt
  * @tags security
  *       external/cwe-759