Vulnerabilities > Inadequate Encryption Strength
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-10104 | Inadequate Encryption Strength vulnerability in Hiteksoftware Automize Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. | 5.9 |
2017-01-23 | CVE-2016-10103 | Inadequate Encryption Strength vulnerability in Hiteksoftware Automize Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. | 8.1 |
2017-01-23 | CVE-2016-10102 | Inadequate Encryption Strength vulnerability in Hiteksoftware Automize hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. | 8.1 |
2017-01-23 | CVE-2016-10101 | Inadequate Encryption Strength vulnerability in Hiteksoftware Automize Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. | 8.1 |
2016-10-14 | CVE-2005-4900 | Inadequate Encryption Strength vulnerability in Google Chrome SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. | 5.9 |
2016-10-03 | CVE-2015-8086 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | 4.9 |
2016-10-03 | CVE-2015-8085 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | 4.9 |
2016-07-15 | CVE-2016-5804 | Inadequate Encryption Strength vulnerability in Moxa products Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | 9.8 |
2014-06-05 | CVE-2014-0224 | Inadequate Encryption Strength vulnerability in multiple products OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. network high complexity openssl redhat fedoraproject opensuse filezilla-project siemens mariadb python nodejs CWE-326 | 7.4 |
2013-11-08 | CVE-2013-4508 | Inadequate Encryption Strength vulnerability in multiple products lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | 7.5 |