CWE-326— Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.— MITRE CWE catalog
503 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-326page 8 of 11
- CVE-2023-1764MEDIUMCVSS 6.5EG 6.52023-05-17
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup …
- CVE-2023-20185HIGHCVSS 7.4EG 7.42023-07-12
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerabi…
- CVE-2023-20942MEDIUMCVSS 5.5EG 5.52023-07-13
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execut…
- CVE-2023-21109HIGHCVSS 7.8EG 7.82023-05-15
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User inter…
- CVE-2023-21145HIGHCVSS 7.8EG 7.82023-07-13
In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n…
- CVE-2023-21443HIGHCVSS 7.5EG 8.82023-02-09
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands.
- CVE-2023-21444HIGHCVSS 7.5EG 8.82023-02-09
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands.
- CVE-2023-2197LOWCVSS 2.5EG 2.52023-05-01
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and re…
- CVE-2023-22271MEDIUMCVSS 5.3EG 5.32023-03-22
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password…
- CVE-2023-23597MEDIUMCVSS 6.5EG 6.52023-06-02
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leadi…
- CVE-2023-23911HIGHCVSS 7.5EG 7.52023-03-10
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
- CVE-2023-2443HIGHCVSS 7.5EG 7.52023-05-11
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
- CVE-2023-24502HIGHCVSS 7.5EG 7.52023-04-17
Electra Central AC unit – The unit opens an AP with an easily calculated password.
- CVE-2023-26941MEDIUMCVSS 6.5EG 6.52023-12-05
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.
- CVE-2023-26942MEDIUMCVSS 6.5EG 6.52023-12-05
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original.
- CVE-2023-26943MEDIUMCVSS 6.5EG 6.52023-12-05
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.
- CVE-2023-27389HIGHCVSS 7.2EG 7.22023-04-11
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial…
- CVE-2023-27987CRITICALCVSS 9.1EG 9.12023-04-10
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend…
- CVE-2023-28021MEDIUMCVSS 5.9EG 5.92023-07-18
The BigFix WebUI uses weak cipher suites.
- CVE-2023-28124MEDIUMCVSS 5.5EG 5.52023-04-19
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and lat…
- CVE-2023-28896LOWCVSS 3.3EG 3.32023-12-01
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access t…
- CVE-2023-29054MEDIUMCVSS 6.7EG 6.72023-04-11
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-…
- CVE-2023-29549MEDIUMCVSS 6.5EG 6.52023-06-02
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Fire…
- CVE-2023-30132HIGHCVSS 7.8EG 7.82023-10-19
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.
- CVE-2023-30351HIGHCVSS 7.5EG 7.52023-05-10
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UA…
- CVE-2023-31135LOWCVSS 3.3EG 3.32023-05-17
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The l…
- CVE-2023-32414HIGHCVSS 8.6EG 8.62023-06-23
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.
- CVE-2023-3243HIGHCVSS 8.3EG 8.32023-06-28
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted pro…
- CVE-2023-33283MEDIUMCVSS 5.5EG 5.52023-06-07
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.
- CVE-2023-33982MEDIUMCVSS 5.9EG 5.92023-05-24
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because B…
- CVE-2023-34337HIGHCVSS 7.6EG 7.62023-07-05
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, inte…
- CVE-2023-34971HIGHCVSS 7.1EG 7.12023-08-24
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors…
- CVE-2023-35332MEDIUMCVSS 6.8EG 6.82023-07-11
Windows Remote Desktop Protocol Security Feature Bypass
- CVE-2023-36539MEDIUMCVSS 5.3EG 5.32023-06-30
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
- CVE-2023-36748MEDIUMCVSS 5.9EG 5.92023-07-11
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM …
- CVE-2023-37301MEDIUMCVSS 5.3EG 5.32023-06-30
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
- CVE-2023-37397LOWCVSS 3.6EG 3.62024-04-19
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
- CVE-2023-4129HIGHCVSS 7.5EG 5.92023-09-27
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block…
- CVE-2023-41305HIGHCVSS 7.5EG 7.52023-09-27
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2023-4333MEDIUMCVSS 5.5EG 5.52023-08-15
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
- CVE-2023-43757MEDIUMCVSS 6.5EG 6.52023-11-16
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and int…
- CVE-2023-43776MEDIUMCVSS 6.6EG 6.82023-10-17
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program …
- CVE-2023-44690HIGHCVSS 7.5EG 7.52023-10-19
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py
- CVE-2023-46894HIGHCVSS 7.5EG 7.52023-11-09
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.
- CVE-2023-47363MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47364MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims
- CVE-2023-47365MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47366MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47367MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47368MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Map vulnerabilities like CWE-326 to your infrastructure
EchelonGraph correlates every CVE — across CWE-326 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →