Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-10 | CVE-2017-7888 | Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | 9.8 |
| 2017-05-03 | CVE-2017-7229 | Inadequate Encryption Strength vulnerability in Vaultive Office 365 Security 4.5.19 PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. | 6.4 |
| 2017-04-23 | CVE-2017-8076 | Inadequate Encryption Strength vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. | 7.8 |
| 2017-04-20 | CVE-2017-5160 | Inadequate Encryption Strength vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2 An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. | 3.5 |
| 2017-04-10 | CVE-2016-5056 | Inadequate Encryption Strength vulnerability in Osram Lightify PRO OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | 5.0 |
| 2017-04-02 | CVE-2017-2399 | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
| 2017-04-02 | CVE-2017-2391 | Inadequate Encryption Strength vulnerability in Apple Keynote, Numbers and Pages An issue was discovered in certain Apple products. | 5.0 |
| 2017-04-02 | CVE-2017-2380 | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.0 |
| 2017-03-29 | CVE-2016-2379 | Inadequate Encryption Strength vulnerability in Pidgin Mxit The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | 3.3 |
| 2017-03-28 | CVE-2016-9121 | Inadequate Encryption Strength vulnerability in Go-Jose Project Go-Jose go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. | 6.4 |