Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2016-3019 Inadequate Encryption Strength vulnerability in IBM Security Access Manager 9.0 Firmware
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
6.5
2017-05-10 CVE-2017-7888 Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
network
low complexity
dolibarr CWE-326
critical
9.8
2017-05-03 CVE-2017-7229 Inadequate Encryption Strength vulnerability in Vaultive Office 365 Security 4.5.19
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly.
network
low complexity
vaultive CWE-326
critical
9.1
2017-04-23 CVE-2017-8076 Inadequate Encryption Strength vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated.
network
low complexity
tp-link CWE-326
critical
9.8
2017-04-20 CVE-2017-5160 Inadequate Encryption Strength vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior.
network
high complexity
aveva CWE-326
5.3
2017-04-10 CVE-2016-5056 Inadequate Encryption Strength vulnerability in Osram Lightify PRO
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
network
low complexity
osram CWE-326
7.5
2017-04-02 CVE-2017-2399 Inadequate Encryption Strength vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
low complexity
apple CWE-326
4.6
2017-04-02 CVE-2017-2391 Inadequate Encryption Strength vulnerability in Apple Keynote, Numbers and Pages
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-326
5.3
2017-04-02 CVE-2017-2380 Inadequate Encryption Strength vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-326
7.5
2017-03-29 CVE-2016-2379 Inadequate Encryption Strength vulnerability in Pidgin Mxit
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
low complexity
pidgin CWE-326
8.8