Filtered by CWE-326
Filtered by vendor Subscriptions
Total 390 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-3670 1 Typo3 1 Typo3 2024-11-21 4.8 Medium
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
CVE-2009-2474 5 Apple, Canonical, Fedoraproject and 2 more 5 Mac Os X, Ubuntu Linux, Fedora and 2 more 2024-11-21 N/A
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2005-4900 1 Google 1 Chrome 2024-11-21 N/A
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.
CVE-2005-2281 1 Juvare 1 Webeoc 2024-11-21 7.5 High
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
CVE-2005-0366 1 Gnupg 1 Gnupg 2024-11-21 N/A
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
CVE-2004-2172 1 Netsourcecommerce 1 Productcart 2024-11-21 7.5 High
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
CVE-2002-1975 1 Sharp 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more 2024-11-21 5.5 Medium
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
CVE-2002-1946 1 Tata 1 Integrated Dialer 2024-11-21 5.5 Medium
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
CVE-2002-1910 1 Click-2 1 Ingenium Learning Management System 2024-11-21 7.5 High
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
CVE-2002-1872 1 Microsoft 1 Sql Server 2024-11-21 7.5 High
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2002-1739 1 Mdaemon 1 Mdaemon 2024-11-21 5.5 Medium
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
CVE-2002-1697 1 Vtun Project 1 Vtun 2024-11-21 7.5 High
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
CVE-2002-1682 1 Daansystems 1 Newsreactor 2024-11-21 5.5 Medium
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
CVE-2001-1546 1 Mckesson 1 Pathways Homecare 2024-11-21 7.8 High
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
CVE-2023-6728 2024-11-05 3.3 Low
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
CVE-2024-43382 1 Snowflake 1 Snowflake Jdbc 2024-11-01 5.9 Medium
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
CVE-2024-45259 1 Gl-inet 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more 2024-10-28 6.5 Medium
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
CVE-2024-45394 2 Authenticator, Authenticator-extension 2 Authenticator, Authenticator 2024-10-09 8.8 High
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0.
CVE-2024-41594 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2024-10-08 7.5 High
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
CVE-2024-47182 1 Amirraminfar 1 Dozzle 2024-10-04 4.8 Medium
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.