Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2022-45453 Inadequate Encryption Strength vulnerability in Acronis Cyber Protect 15
TLS/SSL weak cipher suites enabled.
network
low complexity
acronis CWE-326
7.5
2023-05-17 CVE-2023-1764 Inadequate Encryption Strength vulnerability in Canon IJ Network Tool
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.
low complexity
canon CWE-326
6.5
2023-05-11 CVE-2023-2443 Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager
Rockwell Automation ThinManager product allows the use of medium strength ciphers.
network
low complexity
rockwellautomation CWE-326
7.5
2023-05-10 CVE-2023-30351 Inadequate Encryption Strength vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption.
network
low complexity
tenda CWE-326
7.5
2023-05-01 CVE-2023-2197 Inadequate Encryption Strength vulnerability in Hashicorp Vault 1.13.0
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key.
local
high complexity
hashicorp CWE-326
2.5
2023-04-19 CVE-2023-28124 Inadequate Encryption Strength vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.
local
low complexity
ui CWE-326
5.5
2023-04-17 CVE-2023-24502 Inadequate Encryption Strength vulnerability in Electra-Air Central AC Unit Firmware
Electra Central AC unit – The unit opens an AP with an easily calculated password.
low complexity
electra-air CWE-326
6.5
2023-04-11 CVE-2023-27389 Inadequate Encryption Strength vulnerability in Contec products
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code.
network
low complexity
contec CWE-326
7.2
2023-03-22 CVE-2023-22271 Inadequate Encryption Strength vulnerability in Adobe Experience Manager
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass.
network
high complexity
adobe CWE-326
5.3
2023-03-10 CVE-2023-23911 Inadequate Encryption Strength vulnerability in Rocket.Chat
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
network
low complexity
rocket-chat CWE-326
7.5