CWE-326— Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.— MITRE CWE catalog
503 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-326page 9 of 11
- CVE-2023-47369MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.
- CVE-2023-47370MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47372MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-47373MEDIUMCVSS 6.5EG 6.52023-11-09
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.
- CVE-2023-48034MEDIUMCVSS 6.1EG 6.12023-11-27
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
- CVE-2023-48051HIGHCVSS 7.5EG 7.52023-11-20
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
- CVE-2023-6728LOWCVSS 3.3EG 3.32024-10-17
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
- CVE-2023-7237MEDIUMCVSS 5.7EG 5.72024-01-23
Lantronix XPort sends weakly encoded credentials within web request headers.
- CVE-2024-10026MEDIUMCVSS 5.3EG 5.32025-01-30
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.
- CVE-2024-1224HIGHCVSS 7.1EG 7.12024-03-06
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of…
- CVE-2024-13026MEDIUMCVSS 6.1EG 6.12025-01-17
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access …
- CVE-2024-13454MEDIUMCVSS 5.3EG 5.32025-01-20
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3
- CVE-2024-20692MEDIUMCVSS 5.7EG 5.72024-01-09
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- CVE-2024-21787MEDIUMCVSS 6.4EG 6.42024-08-14
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21881HIGHCVSS 8.6EG 8.62024-08-12
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
- CVE-2024-22892HIGHCVSS 7.5EG 7.52024-09-25
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
- CVE-2024-22894MEDIUMCVSS 6.8EG 6.82024-01-30
An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code vi…
- CVE-2024-23579MEDIUMCVSS 6.5EG 6.52024-05-28
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.
- CVE-2024-23580MEDIUMCVSS 6.5EG 6.52024-05-28
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values.
- CVE-2024-23656HIGHCVSS 7.5EG 7.52024-01-25
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tl…
- CVE-2024-25102HIGHCVSS 7.8EG 7.12024-03-06
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamv…
- CVE-2024-28755MEDIUMCVSS 6.5EG 6.52024-04-03
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to preven…
- CVE-2024-28860HIGHCVSS 8.0EG 8.02024-03-27
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In pa…
- CVE-2024-28974HIGHCVSS 7.6EG 7.62024-05-29
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
- CVE-2024-29950HIGHCVSS 7.5EG 7.52024-04-17
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.
- CVE-2024-29951MEDIUMCVSS 5.7EG 5.72024-04-17
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
- CVE-2024-29969HIGHCVSS 7.5EG 7.52024-04-19
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
- CVE-2024-30119LOWCVSS 3.7EG 3.72024-06-14
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection.
- CVE-2024-32758HIGHCVSS 7.5EG 7.52024-08-01
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
- CVE-2024-33662HIGHCVSS 7.5EG 7.52024-10-02
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
- CVE-2024-3387MEDIUMCVSS 5.3EG 5.32024-04-10
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls…
- CVE-2024-34113MEDIUMCVSS 5.5EG 6.22024-06-13
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic…
- CVE-2024-36823HIGHCVSS 7.5EG 7.52024-06-06
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
- CVE-2024-37034MEDIUMCVSS 5.9EG 5.92024-07-26
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
- CVE-2024-38277MEDIUMCVSS 5.4EG 5.42024-06-18
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
- CVE-2024-38341MEDIUMCVSS 5.9EG 5.92025-05-28
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-38867MEDIUMCVSS 5.9EG 5.92024-07-09
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP…
- CVE-2024-39928HIGHCVSS 7.5EG 7.52024-09-25
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, w…
- CVE-2024-40719MEDIUMCVSS 6.5EG 6.52024-08-02
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that websi…
- CVE-2024-40761MEDIUMCVSS 5.3EG 5.32024-09-25
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official …
- CVE-2024-41594HIGHCVSS 7.5EG 7.52024-10-03
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
- CVE-2024-41681MEDIUMCVSS 6.7EG 6.72024-08-13
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path po…
- CVE-2024-42163HIGHCVSS 8.3EG 8.32024-08-12
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
- CVE-2024-42177LOWCVSS 2.6EG 2.62025-04-17
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious co…
- CVE-2024-43382MEDIUMCVSS 5.9EG 5.92024-10-30
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
- CVE-2024-45259MEDIUMCVSS 6.5EG 6.52024-10-24
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be de…
- CVE-2024-45273HIGHCVSS 8.4EG 8.42024-10-15
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
- CVE-2024-45394HIGHCVSS 8.8EG 8.82024-09-03
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers w…
- CVE-2024-45719LOWCVSS 2.6EG 2.62024-11-22
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be pred…
- CVE-2024-47182MEDIUMCVSS 4.8EG 4.82024-09-27
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for p…
Map vulnerabilities like CWE-326 to your infrastructure
EchelonGraph correlates every CVE — across CWE-326 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →