CWE-326

Inadequate Encryption Strength

Class · Draft

Description

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-192 · CAPEC-20

CVEs mapped to this weakness (194)

  • CVE-2024-28860 · Mar 27, 2024
    risk 0.00 · cvss · epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen…

  • CVE-2024-23656 · Jan 25, 2024
    risk 0.00 · cvss · epss 0.00

    Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert…

  • CVE-2023-48051 · Nov 20, 2023
    risk 0.00 · cvss · epss 0.00

    An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.

  • CVE-2023-46894 · Nov 9, 2023
    risk 0.00 · cvss · epss 0.00

    An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

  • CVE-2023-44690 · Oct 19, 2023
    risk 0.00 · cvss · epss 0.00

    Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py

  • CVE-2023-31135 · May 17, 2023
    risk 0.00 · cvss · epss 0.00

    Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the…

  • CVE-2023-27987 · Apr 10, 2023
    risk 0.00 · cvss · epss 0.01

    In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to…

  • CVE-2022-2582 · Dec 27, 2022
    risk 0.00 · cvss · epss 0.00

    The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

  • CVE-2022-45379 · Nov 15, 2022
    risk 0.00 · cvss · epss 0.00

    Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

  • CVE-2022-3273 · Oct 6, 2022
    risk 0.00 · cvss · epss 0.00

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

  • CVE-2022-35513 · Sep 7, 2022
    risk 0.00 · cvss · epss 0.04

    The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

  • CVE-2022-2097 · Jul 5, 2022
    risk 0.00 · cvss · epss 0.02

    AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in…

  • CVE-2022-29249 · May 24, 2022
    risk 0.00 · cvss · epss 0.01

    JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of…

  • CVE-2022-29161 · May 5, 2022
    risk 0.00 · cvss · epss 0.00

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the…

  • CVE-2022-24784 · Mar 25, 2022
    risk 0.00 · cvss · epss 0.01

    Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually…

  • CVE-2021-45458 · Jan 6, 2022
    risk 0.00 · cvss · epss 0.02

    Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to…

  • CVE-2022-21653 · Jan 5, 2022
    risk 0.00 · cvss · epss 0.01

    Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not…

  • CVE-2021-39182 · Nov 8, 2021
    risk 0.00 · cvss · epss 0.01

    EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is…

  • CVE-2021-3680 · Aug 4, 2021
    risk 0.00 · cvss · epss 0.00

    showdoc is vulnerable to Missing Cryptographic Step

  • CVE-2020-26263 · Dec 21, 2020
    risk 0.00 · cvss · epss 0.01

    tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code…