Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2007-11-19 CVE-2007-6013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
network, low complexity | wordpress, fedoraproject | CWE-327 | critical 9.8

2007-10-15 CVE-2007-5460 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
low complexity | microsoft | CWE-327 | 4.6

2007-08-03 CVE-2007-4150 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Visionsoft Audit 12.4.0.0
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
network, low complexity | visionsoft | CWE-327 | 7.5

2005-12-31 CVE-2005-4860 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System 6.406.08
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
local, low complexity | spectrumcu | CWE-327 | 7.8

2005-09-16 CVE-2005-2946 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
network, low complexity | openssl, canonical | CWE-327 | 7.5

2002-12-31 CVE-2002-2058 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Teekai Tracking Online 1.0
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify the IP addresses visiting the site by dividing each octet by the MD5 hash of '20'.
network, low complexity | teekai | CWE-327 | 7.5