VYPR

CWE-326

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

Description

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-192 · CAPEC-20

CVEs mapped to this weakness (194)

page 1 of 10
  • CVE-2017-1000486 · Critical · KEV · Jan 3, 2018
    risk 0.86 · cvss 9.8 · epss 0.94

    Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.

  • CVE-2017-11317 · Critical · KEV · Aug 23, 2017
    risk 0.85 · cvss 9.8 · epss 0.83

    Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2018-25272 · Critical · Apr 22, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and…

  • CVE-2018-0448 · Critical · Oct 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient…

  • CVE-2018-15124 · Critical · Aug 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    A weak hashing algorithm in the Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear-text passwords and gain root access on the device.

  • CVE-2018-7242 · Critical · Apr 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

  • CVE-2015-0575 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

  • CVE-2014-9975 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

  • CVE-2017-7673 · Critical · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in the registration and forgot-password dialogs, and auth forms are missing brute-force protection.

  • CVE-2017-7905 · Critical · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware…

  • CVE-2017-7903 · Critical · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…

  • CVE-2017-7888 · Critical · May 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.

  • CVE-2017-8076 · Critical · Apr 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2016-5804 · Critical · Jul 15, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

  • CVE-2025-2516 · Critical · Mar 27, 2025
    risk 0.62 · cvss (not listed) · epss 0.00

    The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate,…

  • CVE-2025-45765 · Critical · Aug 7, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of…

  • CVE-2025-7398 · Critical · Jul 17, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Brocade ASCG before 3.3.0 allows the use of medium-strength cryptography algorithms on internal ports 9000 and 8036.

  • CVE-2017-16726 · Critical · Jun 27, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on…

  • CVE-2017-14090 · Critical · Dec 16, 2017
    risk 0.59 · cvss 9.1 · epss 0.01

    A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

  • CVE-2017-7229 · Critical · May 3, 2017
    risk 0.59 · cvss 9.1 · epss 0.01

    PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this…