Latest Inadequate Encryption Strength Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-14517 | Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. | |
| 2020-09-09 | CVE-2020-1968 | Inadequate Encryption Strength vulnerability in Openssl The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | |
| 2020-08-26 | CVE-2020-5917 | Inadequate Encryption Strength vulnerability in F5 products In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | |
| 2020-08-21 | CVE-2020-10125 | Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00 NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | |
| 2020-07-29 | CVE-2020-5763 | Inadequate Encryption Strength vulnerability in Grandstream products Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. | |
| 2020-07-08 | CVE-2020-1982 | Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. | |
| 2020-07-01 | CVE-2020-7689 | Inadequate Encryption Strength vulnerability in Node.Bcrypt.Js Project Node.Bcrypt.Js Data is truncated wrong when its length is greater than 255 bytes. | |
| 2020-07-01 | CVE-2017-1712 | Inadequate Encryption Strength vulnerability in Hcltech Domino "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | |
| 2020-06-25 | CVE-2020-11735 | Inadequate Encryption Strength vulnerability in Wolfssl The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." | |
| 2020-06-24 | CVE-2020-10275 | Inadequate Encryption Strength vulnerability in multiple products The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. |