Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2020-01-24 CVE-2019-3700 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Suse Yast2-Security
yast2-security didn't use secure defaults to protect passwords.
local
low complexity
suse CWE-327
2.1
2020-01-21 CVE-2020-6857 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Taskautomation Carbonftp 1.4
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key.
local
low complexity
taskautomation CWE-327
2.1
2020-01-09 CVE-2020-1810 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products
There is a weak algorithm vulnerability in some Huawei products.
network
low complexity
huawei CWE-327
5.0
2019-12-25 CVE-2019-19962 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Wolfssl
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
network
low complexity
wolfssl CWE-327
5.0
2019-12-18 CVE-2019-4609 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
2019-12-13 CVE-2019-19397 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products
There is a weak algorithm vulnerability in some Huawei products.
network
low complexity
huawei CWE-327
5.0
2019-12-12 CVE-2019-18340 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0).
local
low complexity
siemens CWE-327
5.5
2019-12-02 CVE-2019-19316 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hashicorp Terraform
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
network
hashicorp CWE-327
4.3
2019-11-08 CVE-2019-16208 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
network
low complexity
broadcom CWE-327
5.0
2019-11-02 CVE-2019-18659 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ready Wireless Emergency Alerts
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12).
network
low complexity
ready CWE-327
5.0