Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-21 | CVE-2020-27208 | Inadequate Encryption Strength vulnerability in multiple products The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. | 6.8 |
| 2021-05-20 | CVE-2020-18220 | Inadequate Encryption Strength vulnerability in Html-Js Doracms Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. | 7.5 |
| 2021-05-14 | CVE-2020-27020 | Inadequate Encryption Strength vulnerability in Kaspersky Password Manager 9.0.2/9.2 Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. | 7.5 |
| 2021-04-30 | CVE-2021-21507 | Inadequate Encryption Strength vulnerability in Dell products Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. | 9.8 |
| 2021-03-31 | CVE-2021-23982 | Inadequate Encryption Strength vulnerability in Mozilla Firefox Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. | 6.5 |
| 2021-03-25 | CVE-2021-27450 | Inadequate Encryption Strength vulnerability in GE Mu320E Firmware SSH server configuration file does not implement some best practices. | 7.8 |
| 2021-03-10 | CVE-2020-35221 | Inadequate Encryption Strength vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | 8.8 |
| 2021-02-12 | CVE-2021-20406 | Inadequate Encryption Strength vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.9 |
| 2021-02-09 | CVE-2021-21474 | Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database. | 6.5 |
| 2021-02-05 | CVE-2020-10375 | Inadequate Encryption Strength vulnerability in Newmediacompany Smarty An issue was discovered in New Media Smarty before 9.10. | 5.5 |