Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2017-12-17 CVE-2017-17717 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
network
low complexity
sonatype CWE-327
critical
10.0
2017-12-13 CVE-2017-17382 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
network
citrix CWE-327
4.3
2017-12-11 CVE-2017-8866 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cognitoys Stemosaur Firmware
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.
network
cognitoys CWE-327
4.3
2017-11-22 CVE-2017-8191 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei Fusionsphere Openstack V100R006C00Spc102(Nfv)
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability.
network
huawei CWE-327
4.3
2017-11-22 CVE-2017-8157 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability.
network
huawei CWE-327
4.3
2017-10-30 CVE-2012-4449 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Hadoop
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
network
low complexity
apache CWE-327
7.5
2017-10-30 CVE-2015-0226 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Wss4J
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages.
network
low complexity
apache CWE-327
5.0
2017-10-29 CVE-2017-15998 Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data.
network
low complexity
nq CWE-327
5.0
2017-10-29 CVE-2017-15997 Use of a Broken or Risky Cryptographic Algorithm vulnerability in NQ Contacts Backup & Restore 1.1
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences.
local
low complexity
nq CWE-327
2.1
2017-10-20 CVE-2017-14937 Use of a Broken or Risky Cryptographic Algorithm vulnerability in PCU 2014
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector).
local
pcu CWE-327
1.9