1649 matches found
CVE-2001-1546
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file...
CVE-2003-1276
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEYCURRENTUSER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts...
CVE-2021-27457
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...
CVE-2021-33589
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
CVE-2019-20775
An issue was discovered on LG mobile devices with Android OS 9.0 Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 August 2019...
CVE-2020-10377
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials...
CVE-1999-0476
A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...
CVE-1999-0356
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book...
Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)
Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...
EUVD-2025-205644
A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...
Apache StreamPark Weak Algorithm Vulnerability
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim o...
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
EUVD-2025-203092
Apache StreamPark: Use the user’s password as the secret key Vulnerability...
GHSA-3HG2-RH4R-8QF6 Apache StreamPark: Use the user’s password as the secret key Vulnerability
When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
EUVD-2025-203081
Apache StreamPark uses a Weak Encryption Algorithm...
Apache StreamPark uses a Weak Encryption Algorithm
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...