CWE-327— Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.— MITRE CWE catalog
688 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-327page 10 of 14
- CVE-2023-4331HIGHCVSS 7.5EG 7.52023-08-15
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
- CVE-2023-43635HIGHCVSS 8.8EG 8.82023-09-20
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry…
- CVE-2023-46133CRITICALCVSS 9.1EG 9.12023-10-25
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry st…
- CVE-2023-46233CRITICALCVSS 9.1EG 9.12023-10-25
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it…
- CVE-2023-47640HIGHCVSS 8.8EG 6.42023-11-14
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. st…
- CVE-2023-49259HIGHCVSS 7.5EG 7.52024-01-12
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.
- CVE-2023-50312MEDIUMCVSS 5.3EG 5.32024-03-01
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
- CVE-2023-50313MEDIUMCVSS 5.3EG 5.32024-04-02
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
- CVE-2023-50350HIGHCVSS 7.5EG 8.22024-01-03
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.
- CVE-2023-50351CRITICALCVSS 9.1EG 8.22024-01-03
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.
- CVE-2023-50475CRITICALCVSS 9.1EG 9.12023-12-21
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
- CVE-2023-50481HIGHCVSS 7.5EG 7.52023-12-21
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.
- CVE-2023-50937MEDIUMCVSS 5.9EG 5.92024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.
- CVE-2023-50939MEDIUMCVSS 5.9EG 5.92024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
- CVE-2023-51392MEDIUMCVSS 6.2EG 6.22024-02-23
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
- CVE-2023-51838HIGHCVSS 7.5EG 7.52024-02-02
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
- CVE-2023-51839CRITICALCVSS 9.1EG 9.12024-01-29
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
- CVE-2023-52236HIGHCVSS 7.0EG 7.02025-07-08
A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9…
- CVE-2023-5347CRITICALCVSS 9.1EG 9.82024-01-09
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmw…
- CVE-2023-5627HIGHCVSS 7.5EG 7.52023-11-01
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users…
- CVE-2023-5962MEDIUMCVSS 6.5EG 6.52023-12-23
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lea…
- CVE-2023-6240MEDIUMCVSS 6.5EG 6.52024-02-04
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
- CVE-2024-0323CRITICALCVSS 9.8EG 9.82024-02-05
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications…
- CVE-2024-10128LOWCVSS 2.7EG 2.72024-10-18
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The a…
- CVE-2024-1040MEDIUMCVSS 4.4EG 4.42024-02-01
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
- CVE-2024-10405MEDIUMCVSS 5.3EG 5.32025-02-15
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, p…
- CVE-2024-20070MEDIUMCVSS 5.1EG 5.12024-06-03
In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no …
- CVE-2024-21670MEDIUMCVSS 6.5EG 6.52024-01-16
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model…
- CVE-2024-22192MEDIUMCVSS 6.5EG 6.52024-01-16
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model…
- CVE-2024-22314MEDIUMCVSS 5.9EG 5.92025-04-16
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-22318MEDIUMCVSS 5.1EG 5.12024-02-09
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile serv…
- CVE-2024-22347MEDIUMCVSS 5.9EG 5.92025-01-20
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-22361MEDIUMCVSS 5.9EG 5.92024-02-10
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-…
- CVE-2024-22458LOWCVSS 3.7EG 3.72024-03-01
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of cipher…
- CVE-2024-22463HIGHCVSS 7.4EG 7.42024-03-04
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality an…
- CVE-2024-24559LOWCVSS 3.7EG 3.72024-02-05
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writ…
- CVE-2024-25963MEDIUMCVSS 5.9EG 5.92024-03-28
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
- CVE-2024-25968MEDIUMCVSS 5.9EG 5.92024-05-14
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosu…
- CVE-2024-26317MEDIUMCVSS 6.1EG 6.12025-01-27
In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-m…
- CVE-2024-27255MEDIUMCVSS 5.9EG 5.92024-03-03
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt hi…
- CVE-2024-27256MEDIUMCVSS 5.9EG 5.92025-01-27
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decry…
- CVE-2024-28780MEDIUMCVSS 5.9EG 5.92025-02-19
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-28834MEDIUMCVSS 5.3EG 5.32024-03-21
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_R…
- CVE-2024-28972MEDIUMCVSS 5.9EG 5.92024-08-01
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.
- CVE-2024-28980MEDIUMCVSS 6.5EG 6.52024-12-13
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Rem…
- CVE-2024-29056MEDIUMCVSS 4.3EG 4.32024-04-09
Windows Authentication Elevation of Privilege Vulnerability
- CVE-2024-29175MEDIUMCVSS 5.9EG 5.92024-06-26
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in…
- CVE-2024-30098HIGHCVSS 7.5EG 7.52024-07-09
Windows Cryptographic Services Security Feature Bypass Vulnerability
- CVE-2024-30152MEDIUMCVSS 6.5EG 6.52025-04-25
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts.
- CVE-2024-31510CRITICALCVSS 9.8EG 9.82024-05-24
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.
Map vulnerabilities like CWE-327 to your infrastructure
EchelonGraph correlates every CVE — across CWE-327 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →