CWE-326
Inadequate Encryption Strength
Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-112 · CAPEC-192 · CAPEC-20
CVEs mapped to this weakness (194)
page 1 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000486 | — | Cri | 0.86 | 9.8 | 0.94 | KEV | Jan 3, 2018 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution |
| CVE-2017-11317 | Cri | 0.85 | 9.8 | 0.83 | KEV | Aug 23, 2017 | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | |
| CVE-2018-25272 | Cri | 0.64 | 9.8 | 0.00 | Apr 22, 2026 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and… | ||
| CVE-2018-0448 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2018 | A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient… | ||
| CVE-2018-15124 | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2018 | Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. | ||
| CVE-2018-7242 | Cri | 0.64 | 9.8 | 0.01 | Apr 18, 2018 | Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. | ||
| CVE-2015-0575 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | ||
| CVE-2014-9975 | Cri | 0.64 | 9.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | ||
| CVE-2017-7673 | Cri | 0.64 | 9.8 | 0.02 | Jul 17, 2017 | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | ||
| CVE-2017-7905 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2017 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware… | ||
| CVE-2017-7903 | Cri | 0.64 | 9.8 | 0.03 | Jun 30, 2017 | A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series… | ||
| CVE-2017-7888 | Cri | 0.64 | 9.8 | 0.01 | May 10, 2017 | Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||
| CVE-2017-8076 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2017 | On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||
| CVE-2016-5804 | Cri | 0.64 | 9.8 | 0.01 | Jul 15, 2016 | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | ||
| CVE-2025-2516 | Cri | 0.62 | — | 0.00 | Mar 27, 2025 | The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate,… | ||
| CVE-2025-45765 | Cri | 0.59 | 9.1 | 0.00 | Aug 7, 2025 | ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of… | ||
| CVE-2025-7398 | Cri | 0.59 | 9.1 | 0.00 | Jul 17, 2025 | Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. | ||
| CVE-2017-16726 | Cri | 0.59 | 9.1 | 0.01 | Jun 27, 2018 | Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on… | ||
| CVE-2017-14090 | Cri | 0.59 | 9.1 | 0.01 | Dec 16, 2017 | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | ||
| CVE-2017-7229 | Cri | 0.59 | 9.1 | 0.01 | May 3, 2017 | PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this… |
- risk 0.86cvss 9.8epss 0.94
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
- risk 0.85cvss 9.8epss 0.83
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
- risk 0.64cvss 9.8epss 0.00
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient…
- risk 0.64cvss 9.8epss 0.01
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
- risk 0.64cvss 9.8epss 0.01
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
- risk 0.64cvss 9.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
- risk 0.64cvss 9.8epss 0.02
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
- risk 0.64cvss 9.8epss 0.01
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware…
- risk 0.64cvss 9.8epss 0.03
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…
- risk 0.64cvss 9.8epss 0.01
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
- risk 0.64cvss 9.8epss 0.01
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
- risk 0.64cvss 9.8epss 0.01
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
- risk 0.62cvss —epss 0.00
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate,…
- risk 0.59cvss 9.1epss 0.00
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of…
- risk 0.59cvss 9.1epss 0.00
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
- risk 0.59cvss 9.1epss 0.01
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on…
- risk 0.59cvss 9.1epss 0.01
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
- risk 0.59cvss 9.1epss 0.01
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this…