Vulnerabilities > Inadequate Encryption Strength
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-30351 | Inadequate Encryption Strength vulnerability in Tenda CP3 Firmware 11.10.00.2211041355 Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. | 7.5 |
| 2023-05-01 | CVE-2023-2197 | Inadequate Encryption Strength vulnerability in Hashicorp Vault 1.13.0 HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. | 2.5 |
| 2023-04-19 | CVE-2023-28124 | Inadequate Encryption Strength vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71 Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. | 5.5 |
| 2023-04-17 | CVE-2023-24502 | Inadequate Encryption Strength vulnerability in Electra-Air Central AC Unit Firmware Electra Central AC unit – The unit opens an AP with an easily calculated password. | 6.5 |
| 2023-04-11 | CVE-2023-29054 | Inadequate Encryption Strength vulnerability in Siemens products A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). | 7.4 |
| 2023-04-11 | CVE-2023-27389 | Inadequate Encryption Strength vulnerability in Contec products Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. | 7.2 |
| 2023-04-10 | CVE-2023-27987 | Inadequate Encryption Strength vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. | 9.1 |
| 2023-03-22 | CVE-2023-22271 | Inadequate Encryption Strength vulnerability in Adobe Experience Manager Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. | 5.3 |
| 2023-03-10 | CVE-2023-23911 | Inadequate Encryption Strength vulnerability in Rocket.Chat An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | 7.5 |
| 2023-03-06 | CVE-2022-45141 | Inadequate Encryption Strength vulnerability in Samba Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | 9.8 |