Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2016-6485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
network
low complexity
magento CWE-327
7.5
2017-02-13 CVE-2016-8370 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitsubishielectric products
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions.
network
low complexity
mitsubishielectric CWE-327
7.5
2017-01-23 CVE-2016-6602 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.
network
low complexity
zohocorp CWE-327
critical
9.8
2016-09-18 CVE-2016-0923 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.
network
low complexity
dell CWE-327
7.5
2015-08-20 CVE-2015-0535 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe and Bsafe Ssl-C
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.
network
low complexity
dell CWE-327
7.5
2015-08-20 CVE-2015-0533 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe and Bsafe Ssl-C
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.
network
low complexity
dell CWE-327
7.5
2008-08-22 CVE-2008-3775 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Newsoftwares Folder Lock
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
local
low complexity
newsoftwares CWE-327
4.4
2008-07-22 CVE-2008-3188 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Opensuse 11.0
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
network
low complexity
opensuse CWE-327
7.5
2007-11-19 CVE-2007-6013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
network
low complexity
wordpress fedoraproject CWE-327
critical
9.8
2007-10-15 CVE-2007-5460 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
low complexity
microsoft CWE-327
4.6