CWE-327— Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.— MITRE CWE catalog
688 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-327page 9 of 14
- CVE-2022-4610LOWCVSS 1.9EG 5.52022-12-19
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptogra…
- CVE-2022-46140MEDIUMCVSS 6.5EG 6.52022-12-13
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.
- CVE-2022-46832MEDIUMCVSS 6.5EG 6.52022-12-13
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH in…
- CVE-2022-46833MEDIUMCVSS 6.5EG 6.52022-12-13
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH i…
- CVE-2022-46834MEDIUMCVSS 6.5EG 6.52022-12-13
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH i…
- CVE-2023-0296MEDIUMCVSS 5.3EG 5.32023-01-17
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic heal…
- CVE-2023-0452CRITICALCVSS 9.8EG 5.32023-01-26
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of admi…
- CVE-2023-21115HIGHCVSS 8.8EG 8.82023-06-15
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User in…
- CVE-2023-21399HIGHCVSS 7.8EG 7.82023-07-13
there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-22812HIGHCVSS 7.4EG 7.42023-03-24
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
- CVE-2023-23040HIGHCVSS 7.5EG 7.52023-02-22
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
- CVE-2023-23346MEDIUMCVSS 6.4EG 6.42023-08-09
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
- CVE-2023-23347MEDIUMCVSS 6.4EG 6.42023-08-09
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
- CVE-2023-23695MEDIUMCVSS 5.9EG 5.92023-02-17
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obta…
- CVE-2023-26024MEDIUMCVSS 6.5EG 6.52023-12-01
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.
- CVE-2023-26276MEDIUMCVSS 5.9EG 5.92023-06-27
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.
- CVE-2023-27557MEDIUMCVSS 5.9EG 5.92023-04-28
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an…
- CVE-2023-28006HIGHCVSS 7.0EG 7.02023-06-22
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.
- CVE-2023-28043MEDIUMCVSS 6.5EG 6.32023-06-01
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
- CVE-2023-28053MEDIUMCVSS 5.3EG 5.32023-12-18
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information…
- CVE-2023-28076MEDIUMCVSS 5.9EG 5.92023-05-16
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.
- CVE-2023-28244HIGHCVSS 8.1EG 8.12023-04-11
Windows Kerberos Elevation of Privilege Vulnerability
- CVE-2023-28509HIGHCVSS 7.5EG 7.52023-03-29
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.
- CVE-2023-2900LOWCVSS 3.7EG 3.72023-05-25
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to lau…
- CVE-2023-30441HIGHCVSS 7.5EG 7.52023-04-29
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
- CVE-2023-30994MEDIUMCVSS 5.4EG 5.42023-10-14
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
- CVE-2023-32043MEDIUMCVSS 6.8EG 6.82023-07-11
Windows Remote Desktop Security Feature Bypass Vulnerability
- CVE-2023-3350HIGHCVSS 8.2EG 8.22023-10-03
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the …
- CVE-2023-34039CRITICALCVSS 9.8EG 9.82023-08-29
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to ga…
- CVE-2023-34130CRITICALCVSS 9.8EG 9.82023-07-13
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
- CVE-2023-34758HIGHCVSS 8.1EG 8.12023-08-28
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.
- CVE-2023-35890MEDIUMCVSS 5.1EG 5.12023-07-07
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
- CVE-2023-36608MEDIUMCVSS 6.5EG 6.52023-07-03
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
- CVE-2023-36749HIGHCVSS 7.4EG 7.42023-07-11
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM …
- CVE-2023-37395LOWCVSS 2.5EG 2.52024-12-11
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
- CVE-2023-37396LOWCVSS 2.5EG 2.52024-04-19
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
- CVE-2023-37464HIGHCVSS 8.6EG 8.62023-07-14
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fix…
- CVE-2023-37484MEDIUMCVSS 5.3EG 5.32023-08-08
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.
- CVE-2023-38361MEDIUMCVSS 5.9EG 5.92023-11-18
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.
- CVE-2023-38371MEDIUMCVSS 5.9EG 5.92024-06-27
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198.
- CVE-2023-38730MEDIUMCVSS 5.9EG 5.92023-08-27
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268.
- CVE-2023-39252MEDIUMCVSS 5.9EG 5.92023-09-21
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive inform…
- CVE-2023-40371MEDIUMCVSS 6.2EG 6.22023-08-24
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.
- CVE-2023-40660MEDIUMCVSS 6.6EG 6.62023-11-06
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses …
- CVE-2023-40696MEDIUMCVSS 5.9EG 5.92024-05-03
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.
- CVE-2023-41097HIGHCVSS 7.5EG 4.62023-12-21
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.
- CVE-2023-41927MEDIUMCVSS 5.3EG 5.32024-07-02
The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses.
- CVE-2023-41928MEDIUMCVSS 5.3EG 5.32024-07-02
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.
- CVE-2023-4326HIGHCVSS 7.5EG 7.52023-08-15
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
- CVE-2023-4327MEDIUMCVSS 5.5EG 5.52023-08-15
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
Map vulnerabilities like CWE-327 to your infrastructure
EchelonGraph correlates every CVE — across CWE-327 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →