Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2013-03-15 CVE-2013-2566 Inadequate Encryption Strength vulnerability in multiple products
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
network
high complexity
oracle fujitsu canonical mozilla CWE-326
5.9
2005-07-18 CVE-2005-2281 Inadequate Encryption Strength vulnerability in Juvare Webeoc
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
network
low complexity
juvare CWE-326
7.5
2004-12-31 CVE-2004-2172 Inadequate Encryption Strength vulnerability in Netsourcecommerce Productcart
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
network
low complexity
netsourcecommerce CWE-326
7.5
2002-12-31 CVE-2002-1975 Inadequate Encryption Strength vulnerability in Sharp Zaurus Sl-5000D Firmware and Zaurus Sl-5500 Firmware
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
local
low complexity
sharp CWE-326
5.5
2002-12-31 CVE-2002-1946 Inadequate Encryption Strength vulnerability in Tata Integrated Dialer 1.2.000
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
local
low complexity
tata CWE-326
5.5
2002-12-31 CVE-2002-1910 Inadequate Encryption Strength vulnerability in Click-2 Ingenium Learning Management System 5.1/6.1
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
network
low complexity
click-2 CWE-326
7.5
2002-12-31 CVE-2002-1872 Inadequate Encryption Strength vulnerability in Microsoft SQL Server
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
network
low complexity
microsoft CWE-326
7.5
2002-12-31 CVE-2002-1739 Inadequate Encryption Strength vulnerability in Mdaemon 5.0/5.0.6
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
local
low complexity
mdaemon CWE-326
5.5
2002-12-31 CVE-2002-1697 Inadequate Encryption Strength vulnerability in Vtun Project Vtun 2.0/2.5
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
network
low complexity
vtun-project CWE-326
7.5
2002-12-31 CVE-2002-1682 Inadequate Encryption Strength vulnerability in Daansystems Newsreactor 1.0
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
local
low complexity
daansystems CWE-326
5.5