CWE-327— Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.— MITRE CWE catalog
688 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-327page 8 of 14
- CVE-2022-26854HIGHCVSS 8.1EG 9.82022-04-08
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access
- CVE-2022-27581MEDIUMCVSS 6.5EG 6.52022-12-13
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH in…
- CVE-2022-2781MEDIUMCVSS 5.3EG 5.32022-10-06
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
- CVE-2022-28164MEDIUMCVSS 6.5EG 6.52022-05-06
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
- CVE-2022-28166HIGHCVSS 7.5EG 7.52022-06-27
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.
- CVE-2022-28370HIGHCVSS 7.5EG 7.52022-07-14
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation o…
- CVE-2022-28382HIGHCVSS 7.5EG 7.52022-06-08
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example b…
- CVE-2022-28622HIGHCVSS 7.5EG 7.52022-06-27
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve th…
- CVE-2022-29161MEDIUMCVSS 5.4EG 5.42022-05-06
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for u…
- CVE-2022-29217HIGHCVSS 7.4EG 7.42022-05-24
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application c…
- CVE-2022-29249HIGHCVSS 7.5EG 7.52022-05-24
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a si…
- CVE-2022-29566HIGHCVSS 8.1EG 8.12022-04-21
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, ak…
- CVE-2022-29835MEDIUMCVSS 5.3EG 5.32022-09-19
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This c…
- CVE-2022-29959MEDIUMCVSS 5.5EG 5.52022-08-16
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and…
- CVE-2022-29960MEDIUMCVSS 5.5EG 5.52022-07-26
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, e…
- CVE-2022-29965MEDIUMCVSS 5.5EG 5.52022-07-26
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes …
- CVE-2022-30111MEDIUMCVSS 6.8EG 6.82022-05-18
Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks.
- CVE-2022-30187MEDIUMCVSS 4.7EG 4.72022-07-12
Azure Storage Library Information Disclosure Vulnerability
- CVE-2022-30273CRITICALCVSS 9.8EG 9.82022-07-26
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (…
- CVE-2022-30320MEDIUMCVSS 4.3EG 4.32022-07-28
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components …
- CVE-2022-31157HIGHCVSS 7.5EG 7.52022-07-15
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to vers…
- CVE-2022-31230HIGHCVSS 8.1EG 9.82022-06-28
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
- CVE-2022-33160LOWCVSS 3.7EG 3.72023-10-06
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
- CVE-2022-3365CRITICALCVSS 9.8EG 9.82025-01-28
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS command…
- CVE-2022-34309MEDIUMCVSS 5.9EG 5.92024-02-12
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.
- CVE-2022-34310MEDIUMCVSS 5.9EG 5.92024-02-12
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441.
- CVE-2022-34319MEDIUMCVSS 5.9EG 7.52022-11-14
IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463.
- CVE-2022-34320MEDIUMCVSS 5.9EG 7.52022-11-14
IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.
- CVE-2022-34361MEDIUMCVSS 5.9EG 7.52022-12-06
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
- CVE-2022-34444MEDIUMCVSS 5.9EG 7.52023-02-11
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.
- CVE-2022-34632CRITICALCVSS 9.1EG 9.12022-07-18
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala.
- CVE-2022-34757MEDIUMCVSS 6.7EG 5.32022-07-13
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected comm…
- CVE-2022-35513HIGHCVSS 7.5EG 7.52022-09-07
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
- CVE-2022-35720LOWCVSS 2.3EG 5.52023-02-08
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force I…
- CVE-2022-36937CRITICALCVSS 9.8EG 9.82023-05-10
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.…
- CVE-2022-37177HIGHCVSS 7.5EG 7.52022-08-29
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product…
- CVE-2022-38391MEDIUMCVSS 5.1EG 7.52022-12-20
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.
- CVE-2022-38493HIGHCVSS 7.5EG 7.52022-08-20
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
- CVE-2022-39237MEDIUMCVSS 6.3EG 6.32022-10-06
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when ver…
- CVE-2022-40675MEDIUMCVSS 6.5EG 7.42023-02-16
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decr…
- CVE-2022-40722HIGHCVSS 7.7EG 7.72023-04-25
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
- CVE-2022-43843MEDIUMCVSS 5.9EG 5.92023-12-14
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080.
- CVE-2022-43851MEDIUMCVSS 5.9EG 5.92025-04-14
IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2022-43917MEDIUMCVSS 5.9EG 7.52023-01-26
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Applic…
- CVE-2022-43934MEDIUMCVSS 6.5EG 7.52024-11-21
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
- CVE-2022-43949MEDIUMCVSS 6.2EG 6.22023-06-13
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.
- CVE-2022-45141CRITICALCVSS 9.8EG 9.82023-03-06
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tick…
- CVE-2022-45170MEDIUMCVSS 6.5EG 6.52023-04-14
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without kno…
- CVE-2022-45195MEDIUMCVSS 5.3EG 5.32022-11-12
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. Th…
- CVE-2022-45858MEDIUMCVSS 4.2EG 4.22023-05-03
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive in…
Map vulnerabilities like CWE-327 to your infrastructure
EchelonGraph correlates every CVE — across CWE-327 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →