Filtered by vendor
Subscriptions
Total
531 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5623 | 1 Squirrelmail | 1 Change Passwd | 2024-11-21 | 7.5 High |
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | ||||
CVE-2012-5575 | 2 Apache, Redhat | 8 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 5 more | 2024-11-21 | N/A |
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." | ||||
CVE-2012-4571 | 1 Python | 1 Keyring | 2024-11-21 | N/A |
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. | ||||
CVE-2012-4449 | 1 Apache | 1 Hadoop | 2024-11-21 | N/A |
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. | ||||
CVE-2011-2487 | 2 Apache, Redhat | 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more | 2024-11-21 | 5.9 Medium |
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | ||||
CVE-2011-1096 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2024-11-21 | N/A |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." | ||||
CVE-2009-2273 | 1 Huawei | 2 D100, D100 Firmware | 2024-11-21 | N/A |
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2008-3775 | 1 Newsoftwares | 1 Folder Lock | 2024-11-21 | 4.4 Medium |
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value. | ||||
CVE-2008-3188 | 1 Opensuse | 1 Opensuse | 2024-11-21 | 7.5 High |
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | ||||
CVE-2007-6755 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j | 2024-11-21 | N/A |
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE. | ||||
CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | ||||
CVE-2007-5460 | 1 Microsoft | 2 Activesync, Windows Mobile | 2024-11-21 | 4.6 Medium |
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. | ||||
CVE-2005-4860 | 1 Spectrumcu | 1 Cash Receipting System | 2024-11-21 | 7.8 High |
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | ||||
CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2024-11-21 | 7.5 High |
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | ||||
CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2024-11-21 | 7.5 High |
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | ||||
CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2024-11-21 | N/A |
Information from SSL-encrypted sessions via PKCS #1. | ||||
CVE-2024-43189 | 1 Ibm | 1 Concert | 2024-11-18 | 5.9 Medium |
IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
CVE-2020-11916 | 2024-11-08 | 6.3 Medium | ||
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. | ||||
CVE-2024-51478 | 1 Yeswiki | 1 Yeswiki | 2024-11-01 | 9.9 Critical |
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. | ||||
CVE-2024-10128 | 1 Topdata | 2 Inner Rep Plus, Inner Rep Plus Webserver | 2024-10-30 | 2.7 Low |
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |