Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-21 | CVE-2009-2474 | Inadequate Encryption Strength vulnerability in multiple products neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 5.8 |
| 2005-07-18 | CVE-2005-2281 | Inadequate Encryption Strength vulnerability in Juvare Webeoc WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords. | 7.5 |
| 2005-05-02 | CVE-2005-0366 | Inadequate Encryption Strength vulnerability in Gnupg The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. | 5.0 |
| 2004-12-31 | CVE-2004-2172 | Inadequate Encryption Strength vulnerability in Netsourcecommerce Productcart EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | 7.5 |
| 2002-12-31 | CVE-2002-1975 | Inadequate Encryption Strength vulnerability in Sharp Zaurus Sl-5000D Firmware and Zaurus Sl-5500 Firmware Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | 5.5 |
| 2002-12-31 | CVE-2002-1946 | Inadequate Encryption Strength vulnerability in Tata Integrated Dialer 1.2.000 Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | 5.5 |
| 2002-12-31 | CVE-2002-1910 | Inadequate Encryption Strength vulnerability in Click-2 Ingenium Learning Management System 5.1/6.1 Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. | 7.5 |
| 2002-12-31 | CVE-2002-1872 | Inadequate Encryption Strength vulnerability in Microsoft SQL Server Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | 7.5 |
| 2002-12-31 | CVE-2002-1739 | Inadequate Encryption Strength vulnerability in Mdaemon Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords. | 5.5 |
| 2002-12-31 | CVE-2002-1697 | Inadequate Encryption Strength vulnerability in Vtun Project Vtun Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information. | 7.5 |