Design/Logic Flaw

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

CVE-2019-4325

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

CVE-2019-4325

CVE-2019-4325 affects HCL AppScan Enterprise; root cause is the use of broken or risky cryptographic algorithms to store REST API user details. Impact and remediation details are not explicitly provided in the connected documents; refer to the CVE entry for basic score context (MEDIUM) and the ve...

IBM Data Risk Manager weak encryption algorithm vulnerability (CNVD-2020-53514)

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A weak cryptographic algorithm vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to decrypt highly sensitive information...

Security Bulletin: Use of a Broken or Risky Cryptographic Algorithm in Resilient App Host (CVE-2020-4637)

Summary Resilient App Host Beta was using weaker than expected Cryptographic Algorithm. Vulnerability Details CVEID: CVE-2020-4637 DESCRIPTION: IBM Resilient uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5...

Security Bulletin: IBM Elastic Storage Server GUI is affected by weak cryptographic algorithm (CVE-2020-4349)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage Server GUI where weaker than expected cryptographic algorithms are permitted. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale 5.0.0.0...

Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt

In bcrypt npm package before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes...

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

Authorization

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

CVE-2020-7514

Schneider Electric Easergy Builder (versions ≤ 1.4.7.2) contains a CWE-327 vulnerability due to use of a broken or risky cryptographic algorithm. This could allow an attacker to access the device’s authorization credentials and gain full access. The affected component is Easergy Builder; root cau...

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

Design/Logic Flaw

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to acquire a password by brute force...

Code injection

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-0187

CVE-2020-0187 affects Android 10 where in engineSetMode of BaseBlockCipher.java a comparison error could permit information disclosure without extra privileges. Documents confirm the vulnerability type as information disclosure with local access required, and no user interaction. Public reference...

Rockwellautomation Micrologix Use of a Broken or Risky Cryptographic Algorithm

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. File data ot500367.nasl...

Beckhoff Twincat Use of a Broken or Risky Cryptographic Algorithm

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...

Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale uses weaker than expected cryptographic algorithms that could allow an attacker to...

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

Information disclosure

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

CVE-2020-7001

CVE-2020-7001 affects Moxa EDS-G516E and EDS-510E Ethernet Switches with firmware 5.2 or lower, where the implementation uses a weak cryptographic algorithm that may disclose confidential information. This is confirmed by multiple sources (NVD entry and Red Hat advisory) describing the weakness a...