Design/Logic Flaw
A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...
CVE-2022-45858
A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithm...
Security Bulletin: IBM Elastic Storage System 3000 is affected by weak crypto algorithm (CVE-2020-4349)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI that could allow an unauthorised user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 throu...
CVE-2022-0022
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...
CVE-2022-0022
CVE-2022-0022 affects PAN-OS: the password hashes for administrator and local user accounts are generated with a weak cryptographic algorithm in non-FIPS-CC mode, enabling hash cracking if hashes are obtained from PAN-OS configuration. Affected are PAN-OS 8.1 before 8.1.21; all 9.0; 9.1 before 9....
Palo Alto Networks PAN-OS 8.1.x < 8.1.21 / 9.0.x < 9.1.11 / 9.1.x < 9.1.11 / 10.0.x < 10.0.7 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.21 or 9.0.x prior to 9.1.11 or 9.1.x prior to 9.1.11 or 10.0.x prior to 10.0.7. It is, therefore, affected by a vulnerability. - Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software...
Security feature bypass
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...
CVE-2021-41096
The CVE-2021-41096 entry concerns the Rucky Android USB HID Rubber Ducky Launch Pad. Affected releases (versions 2.2 and earlier for release builds; 425 and earlier for nightly builds) use a weak cryptographic algorithm (RSA/ECB/PKCS1Padding) for encryption. The issue is addressed in v2.3 for rel...
CVE-2021-20497
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969...
Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms
✍️ Description The function mtrand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...
Use of a Broken or Risky Cryptographic Algorithm in panique/huge
✍️ Description The function mtrand is used to generate password-reset tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...
Code injection
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day...
WoWonder Social Network Platform 3.1 Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
WoWonder Social Network Platform 3.1 - Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
IBM Security Guardium Encryption Issue Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A weak cryptographic algorithm vulnerability exists in IBM Security...
IBM Security Verify Information Queue Encryption Issue Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. A weak cryptographic algorithm vulnerability exists in IBM Security Verify Information Queue. An attacker could exploi...