Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-10104 Inadequate Encryption Strength vulnerability in Hiteksoftware Automize
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users.
network
high complexity
hiteksoftware CWE-326
5.9
2017-01-23 CVE-2016-10103 Inadequate Encryption Strength vulnerability in Hiteksoftware Automize
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users.
network
high complexity
hiteksoftware CWE-326
8.1
2017-01-23 CVE-2016-10102 Inadequate Encryption Strength vulnerability in Hiteksoftware Automize
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords.
network
high complexity
hiteksoftware CWE-326
8.1
2017-01-23 CVE-2016-10101 Inadequate Encryption Strength vulnerability in Hiteksoftware Automize
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd.
network
high complexity
hiteksoftware CWE-326
8.1
2016-10-14 CVE-2005-4900 Inadequate Encryption Strength vulnerability in Google Chrome
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2.
network
high complexity
google CWE-326
5.9
2016-10-03 CVE-2015-8086 Inadequate Encryption Strength vulnerability in Huawei products
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.
network
low complexity
huawei CWE-326
4.9
2016-10-03 CVE-2015-8085 Inadequate Encryption Strength vulnerability in Huawei products
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
network
low complexity
huawei CWE-326
4.9
2016-07-15 CVE-2016-5804 Inadequate Encryption Strength vulnerability in Moxa products
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
network
low complexity
moxa CWE-326
critical
9.8
2014-06-05 CVE-2014-0224 Inadequate Encryption Strength vulnerability in multiple products
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
7.4
2013-11-08 CVE-2013-4508 Inadequate Encryption Strength vulnerability in multiple products
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
network
low complexity
lighttpd debian opensuse CWE-326
7.5