701 matches found
Use Of A Broken Or Risky Cryptographic Algorithm
Easy-RSA is vulnerable to weak encryption algorithm usage. The vulnerability stems from insecure key generation: a weak default encryption algorithm is used when creating the private CA key with OpenSSL 3, and attackers can exploit this to more easily brute-force the CA private key and...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT. Vulnerability Details: CVEID: CVE-2024-31033. DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE: CWE-327: Use of a Broken or Risky...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details: CVEID: CVE-2024-33663. DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...
Siemens SIMATIC Devices Linux Kernel Use of a Broken or Risky Cryptographic Algorithm (CVE-2022-1434)
When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication. This plugin only works with Tenable.ot. Please visit...
CVE-2022-1252
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any...
CVE-2024-25102
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this...
CVE-2024-1224
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm hash SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitati...
CVE-2024-51478
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...
Synology DSM Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-27653)
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager DSM before 6.2.325426 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-8603
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices...
CVE-2024-8603
CVE-2024-8603 affects B&R Automation Runtime and B&R mapp View versions prior to 6.1, where the SSL/TLS component uses a broken or risky cryptographic algorithm. Unauthenticated network-based attackers may masquerade as services on impacted devices. Multiple sources (NVD/NCSA advisory references ...
CVE-2024-47921
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm...
CVE-2024-47921 Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm...
CVE-2024-47921
CVE-2024-47921 concerns Smadar SPS with CWE-327: Use of a Broken or Risky Cryptographic Algorithm. Affected product: Smadar SPS; reports reference cryptographic weaknesses in the software (CNNVD 202412-3229) and details vary by source (e.g., version 4.0.44.0.64 cited by CNNVD). CVSS 3.1 metrics i...
PT-2024-32897 · Unknown · Smadar Sps
Name of the Vulnerable Software and Affected Versions: Smadar SPS, affected versions not specified. Description: The issue is related to the use of a broken or risky cryptographic algorithm, as identified by CWE-327. This could potentially lead to security risks due to the weakness in the...
CVE-2024-28980
Dell RecoverPoint for VMs, versions 6.0.x contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...
Password Reset Attack
yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...
Use of a Broken or Risky Cryptographic Algorithm
Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm through the generateUserLink function. This could lead to account takeover, which can lead to theft of sensitive data, modification of website content, addition/deletion of administrator...