Vulnerabilities > Cryptographic Issues
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-20 | CVE-2006-5982 | Cryptographic Issues vulnerability in Biba Software Seleniumserver FTP Server 1.0 SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. | 10.0 |
| 2006-09-05 | CVE-2006-4339 | Cryptographic Issues vulnerability in Openssl OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | 4.3 |
| 2006-04-20 | CVE-2006-1056 | Cryptographic Issues vulnerability in multiple products The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. | 2.1 |
| 2006-02-08 | CVE-2006-0591 | Cryptographic Issues vulnerability in Solar Designer Crypt Blowfish 0.4.7 The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | 1.2 |
| 2005-12-07 | CVE-2005-4066 | Cryptographic Issues vulnerability in Christian Ghisler Total Commander 6.53 Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | 4.9 |
| 2005-05-02 | CVE-2005-0844 | Cryptographic Issues vulnerability in Nortel Contivity 5.01 Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | 4.6 |
| 2004-12-31 | CVE-2004-2721 | Cryptographic Issues vulnerability in Heiko Stamer Openskat The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages. | 4.3 |
| 2004-12-31 | CVE-2004-2703 | Cryptographic Issues vulnerability in Clearswift products Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted". | 4.3 |
| 2003-12-31 | CVE-2003-1483 | Cryptographic Issues vulnerability in Flashfxp 1.4 FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | 6.4 |
| 2003-12-31 | CVE-2003-1480 | Cryptographic Issues vulnerability in multiple products MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | 4.3 |