Vulnerabilities > Use of a Broken or Risky Cryptographic Algorithm

DATE CVE VULNERABILITY TITLE RISK
2015-08-20 CVE-2015-0535 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe and Bsafe Ssl-C
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.
network
low complexity
dell CWE-327
7.5
2015-08-20 CVE-2015-0533 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe and Bsafe Ssl-C
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.
network
low complexity
dell CWE-327
7.5
2008-08-22 CVE-2008-3775 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Newsoftwares Folder Lock
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
local
low complexity
newsoftwares CWE-327
4.4
2008-07-22 CVE-2008-3188 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Opensuse 11.0
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
network
low complexity
opensuse CWE-327
7.5
2007-11-19 CVE-2007-6013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
network
low complexity
wordpress fedoraproject CWE-327
critical
9.8
2007-10-15 CVE-2007-5460 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
low complexity
microsoft CWE-327
4.6
2007-08-03 CVE-2007-4150 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Visionsoft Audit 12.4.0.0
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
network
low complexity
visionsoft CWE-327
7.5
2005-12-31 CVE-2005-4860 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System 6.406.08
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
local
low complexity
spectrumcu CWE-327
7.8
2005-09-16 CVE-2005-2946 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
network
low complexity
openssl canonical CWE-327
7.5
2002-12-31 CVE-2002-2058 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Teekai Tracking Online 1.0
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
network
low complexity
teekai CWE-327
7.5