Vulnerabilities > Cryptographic Issues
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2003-12-31 | CVE-2003-1447 | Cryptographic Issues vulnerability in IBM Websphere Application Server 4.0.4 | IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. | 1.9 |
2003-12-31 | CVE-2003-1392 | Cryptographic Issues vulnerability in multiple products | CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | 6.6 |
2003-12-31 | CVE-2003-1391 | Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2 | RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. | 7.5 |
2003-12-31 | CVE-2003-1390 | Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2 | RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | 7.5 |
2003-12-31 | CVE-2003-1389 | Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2 | RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | 7.5 |
2003-12-31 | CVE-2003-1344 | Cryptographic Issues vulnerability in Trend Micro Virus Control System | Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files. | 5.0 |
2003-08-27 | CVE-2003-0512 | Cryptographic Issues vulnerability in Cisco IOS | Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | 5.0 |
2002-12-31 | CVE-2002-2326 | Cryptographic Issues vulnerability in Apple Mac OS X | The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. | 5.0 |
2002-12-31 | CVE-2002-2303 | Cryptographic Issues vulnerability in 3D3.Com Shopfactory 5.8 | 3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the JavaScript to decrypt the cookie that contains the data. | 7.8 |
2001-11-19 | CVE-2001-1463 | Cryptographic Issues vulnerability in Solarwinds Serv-U File Server 3.0.0.17/3.0.0.16 | The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. | 7.5 |