VYPR

CWE-326

Inadequate Encryption Strength

ClassDraft

Description

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-192 · CAPEC-20

CVEs mapped to this weakness (194)

page 7 of 10
  • CVE-2015-8085MedOct 3, 2016
    risk 0.32cvss 4.9epss 0.00

    Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software…

  • CVE-2015-4953MedMar 29, 2018
    risk 0.31cvss 4.8epss 0.00

    IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.

  • CVE-2017-12871MedSep 1, 2017
    risk 0.31cvss 5.9epss 0.00

    The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector…

  • CVE-2025-22446MedMay 13, 2025
    risk 0.30cvss 4.6epss 0.00

    Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2017-2399MedApr 2, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather…

  • CVE-2016-3034MedFeb 1, 2017
    risk 0.29cvss 4.4epss 0.00

    IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

  • CVE-2026-5889MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)

  • CVE-2017-9635LowMay 18, 2018
    risk 0.25cvss 3.9epss 0.00

    Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends…

  • CVE-2025-9513LowAug 27, 2025
    risk 0.24cvss 3.7epss 0.00

    A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is…

  • CVE-2024-30119LowJun 14, 2024
    risk 0.24cvss 3.7epss 0.00

    HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.

  • CVE-2018-1593LowOct 2, 2018
    risk 0.24cvss 3.7epss 0.00

    IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568.

  • CVE-2025-46833MedMay 8, 2025
    risk 0.23cvss epss 0.00

    Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted.…

  • CVE-2018-18325KEVJul 3, 2019
    risk 0.22cvss epss 0.74

    DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

  • CVE-2018-15811KEVJul 3, 2019
    risk 0.22cvss epss 0.74

    DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

  • CVE-2025-45764LowAug 6, 2025
    risk 0.21cvss 3.2epss 0.00

    jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a…

  • CVE-2023-6728LowOct 17, 2024
    risk 0.21cvss 3.3epss 0.00

    Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.

  • CVE-2017-2598MedMay 23, 2018
    risk 0.21cvss 4.3epss 0.01

    Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

  • CVE-2015-7449LowMar 20, 2018
    risk 0.21cvss 3.3epss 0.00

    IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2…

  • CVE-2026-0510LowJan 13, 2026
    risk 0.20cvss 3.0epss 0.00

    The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific…

  • CVE-2025-7789LowJul 18, 2025
    risk 0.17cvss 3.7epss 0.00

    A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to…