Latest Inadequate Encryption Strength Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-14517 Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. 0.0
2020-09-09 CVE-2020-1968 Inadequate Encryption Strength vulnerability in Openssl
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
4.3
2020-08-26 CVE-2020-5917 Inadequate Encryption Strength vulnerability in F5 products
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.
network
f5
CWE-326
4.3
2020-08-21 CVE-2020-10125 Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.
local
low complexity
ncr
CWE-326
4.6
2020-07-29 CVE-2020-5763 Inadequate Encryption Strength vulnerability in Grandstream products
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service.
network
low complexity
grandstream
CWE-326
critical
9.0
2020-07-08 CVE-2020-1982 Inadequate Encryption Strength vulnerability in Paloaltonetworks Pan-Os
Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol.
5.8
2020-07-01 CVE-2020-7689 Inadequate Encryption Strength vulnerability in Node.Bcrypt.Js Project Node.Bcrypt.Js
Data is truncated wrong when its length is greater than 255 bytes.
4.3
2020-07-01 CVE-2017-1712 Inadequate Encryption Strength vulnerability in Hcltech Domino
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack.
4.3
2020-06-25 CVE-2020-11735 Inadequate Encryption Strength vulnerability in Wolfssl
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
5.0
2020-06-24 CVE-2020-10275 Inadequate Encryption Strength vulnerability in multiple products
The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface.
7.5