125 matches found
CVE-2022-28164
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords...
Scala.js Security Feature Issue Vulnerability
Scala.js is a Scala to JavaScript compiler. A security vulnerability exists in Scala.js versions prior to 1.10.0, which stems from insecure encryption in randomUUID...
Insecure Encryption
pocketmine/pocketmine-mp is using insecure encryption. The vulnerability exists in 'Minecraft Bedrock' function, due to authentication and protocol encryption are unchangeable servers are allowed to connect internet directly...
CVE-2021-33846 Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...
CVE-2021-20170
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...
The vulnerability of the DNN CMS system, related to insufficiently secure data encryption, allows attackers to gain unauthorized access to protected information.
The vulnerability of the DNN CMS system is related to insufficiently secure data encryption. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Insecure Encryption
showdoc/showdoc has insecure encryption. The vulnerability exists due to a hardcoded salt in its user password hash function...
The vulnerability affects the implementation of WPA/WPA2 protocols in Fortinet’s FortiOS operating systems and Fortinet FortiAP access point software. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the implementations of WPA/WPA2 protocols in Fortinet’s FortiOS operating systems and Fortinet FortiAP access point software is related to insufficiently secure data encryption. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...
Canonical Ubuntu Remote-login-service Encryption Issue Vulnerability
Canonical Ubuntu is a desktop-oriented GNU/Linux operating system from the British company Canonical. A security vulnerability exists in Canonical Ubuntu's remote-login-service service, which stems from an insecure encryption algorithm used to cache usernames and passwords in crypt.c of...
CVE-2020-9128
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak...
Security Advisory - Insecure Encryption Algorithm Vulnerability in Some Huawei Products
Some Huawei products have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. Vulnerability ID: HWPSIRT-2020-05067 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2020-912...
Default credentials
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...
UBUNTU-CVE-2020-11031
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The librar...
PT-2020-12500 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.0 Description: The issue is related to an insecure encryption algorithm used in the software. The security of the encrypted data relies on the password used, and if a user sets a weak or predictable password, an...
CVE-2020-10927
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue...
The vulnerability of the SharePort Web Access component of the D-Link DIR-865L router’s firmware allows a hacker to circumvent existing security restrictions through brute-force attacks.
The vulnerability of the SharePort Web Access component of the D-Link DIR-865L router software relates to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions through brute-force attacks...
Insecure Encryption
Overview: bcrypt is a library to help you hash passwords. Affected versions of this package are vulnerable to Insecure Encryption. Data is truncated incorrectly when its length is greater than 255 bytes. Remediation: Upgrade bcrypt to version 5.0.0 or higher. References - GitHub Issue - GitHub PR 1 -...
Unspecified Vulnerability in Software- und Organisations-Service SOS JobScheduler
Software- und Organisations-Service SOS JobScheduler is a suite of open source, enterprise-class scheduling and process automation software from Software- und Organisations-Service, Germany. A security vulnerability exists in the JOE Job Editor component of Software- und Organisations-Service SOS...
CVE-2020-12712
A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...