Vulnerabilities > Inadequate Encryption Strength

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2022-45141 Inadequate Encryption Strength vulnerability in Samba
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and per RFC8429, it is assumed that rc4-hmac is weak. Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).
network
low complexity
samba CWE-326
critical
9.8
2023-02-11 CVE-2022-34385 Inadequate Encryption Strength vulnerability in Dell products
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability.
local
low complexity
dell CWE-326
5.5
2023-02-09 CVE-2023-21443 Inadequate Encryption Strength vulnerability in Samsung Flow
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands.
low complexity
samsung CWE-326
8.8
2023-02-09 CVE-2023-21444 Inadequate Encryption Strength vulnerability in Samsung Flow
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands.
low complexity
samsung CWE-326
8.8
2023-02-01 CVE-2022-43922 Inadequate Encryption Strength vulnerability in IBM App Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.
network
low complexity
ibm CWE-326
6.5
2023-01-05 CVE-2021-40341 Inadequate Encryption Strength vulnerability in Hitachienergy Foxman-Un and Unem
The DES cipher, which has inadequate encryption strength, is used by Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements.
local
low complexity
hitachienergy CWE-326
5.5
2022-12-27 CVE-2022-2582 Inadequate Encryption Strength vulnerability in Amazon AWS Software Development Kit
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field.
network
low complexity
amazon CWE-326
4.3
2022-12-26 CVE-2022-24116 Inadequate Encryption Strength vulnerability in GE products
Certain General Electric Renewable Energy products have inadequate encryption strength.
network
low complexity
ge CWE-326
critical
9.8
2022-12-23 CVE-2022-47931 Inadequate Encryption Strength vulnerability in Iofinnet Tss-Lib
IO FinNet tss-lib before 2.0.0 allows a collision of hash values.
network
low complexity
iofinnet CWE-326
critical
9.1
2022-12-19 CVE-2022-38659 Inadequate Encryption Strength vulnerability in Hcltech Bigfix Platform
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
local
low complexity
hcltech CWE-326
7.8