Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-3131 | Inadequate Encryption Strength vulnerability in 1C 1C:Enterprise The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. | 7.5 |
| 2021-01-01 | CVE-2017-20001 | Inadequate Encryption Strength vulnerability in AES Encryption Project AES Encryption The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. | 7.5 |
| 2020-11-12 | CVE-2020-17494 | Inadequate Encryption Strength vulnerability in Untangle Firewall NG Untangle Firewall NG before 16.0 uses MD5 for passwords. | 5.3 |
| 2020-11-12 | CVE-2020-8761 | Inadequate Encryption Strength vulnerability in Intel Converged Security and Manageability Engine Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
| 2020-11-12 | CVE-2020-9128 | Inadequate Encryption Strength vulnerability in Huawei Fusioncompute 8.0.0 FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. | 4.4 |
| 2020-10-29 | CVE-2020-5938 | Inadequate Encryption Strength vulnerability in F5 products On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | 6.5 |
| 2020-10-21 | CVE-2020-3549 | Inadequate Encryption Strength vulnerability in Cisco Firepower Threat Defense A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. | 8.1 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-08-26 | CVE-2020-5917 | Inadequate Encryption Strength vulnerability in F5 products In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure. | 5.9 |
| 2020-08-21 | CVE-2020-10125 | Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00 NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | 7.6 |