CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
632 vulnerabilities reference this CWE, most recent first.
GHSA-65V8-8343-JCQR
Vulnerability from github – Published: 2021-12-07 00:00 – Updated: 2022-07-13 00:01Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content
{
"affected": [],
"aliases": [
"CVE-2021-22170"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-06T18:15:00Z",
"severity": "HIGH"
},
"details": "Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database\u0027s encrypted content",
"id": "GHSA-65v8-8343-jcqr",
"modified": "2022-07-13T00:01:08Z",
"published": "2021-12-07T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22170"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22170.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/36855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6655-7W5J-5H7J
Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-21 00:00Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
{
"affected": [],
"aliases": [
"CVE-2022-30683"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-657"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-16T18:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.",
"id": "GHSA-6655-7w5j-5h7j",
"modified": "2022-09-21T00:00:38Z",
"published": "2022-09-17T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30683"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-66VF-XW82-P57G
Vulnerability from github – Published: 2023-11-06 21:31 – Updated: 2023-11-06 21:31Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
{
"affected": [],
"aliases": [
"CVE-2022-48193"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T20:15:07Z",
"severity": "MODERATE"
},
"details": "Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).",
"id": "GHSA-66vf-xw82-p57g",
"modified": "2023-11-06T21:31:08Z",
"published": "2023-11-06T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48193"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-678C-G967-VV47
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
{
"affected": [],
"aliases": [
"CVE-2021-3789"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.",
"id": "GHSA-678c-g967-vv47",
"modified": "2022-05-24T19:20:29Z",
"published": "2022-05-24T19:20:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3789"
},
{
"type": "WEB",
"url": "https://binatoneglobal.com/security-advisory"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-67FJ-6W6M-W5J8
Vulnerability from github – Published: 2022-05-25 22:34 – Updated: 2022-05-25 22:34Impact
This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading to 1.7 is advised.
Patches
The vulnerability has been patched in release 1.7.
Workarounds
Currently there is no way to fix the issue without upgrading.
References
For more information
If you have any questions or comments about this advisory: * Open an issue in our issue tracker * Email us at javaezlib@gmail.com
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.github.javaezlib:JavaEZ"
},
"ranges": [
{
"events": [
{
"introduced": "1.6"
},
{
"fixed": "1.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6"
]
}
],
"aliases": [
"CVE-2022-29249"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-327",
"CWE-328"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T22:34:15Z",
"nvd_published_at": "2022-05-24T16:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThis weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading to 1.7 is advised.\n\n### Patches\nThe vulnerability has been patched in release 1.7.\n\n### Workarounds\nCurrently there is no way to fix the issue without upgrading.\n\n### References\n[CWE-327](https://cwe.mitre.org/data/definitions/327.html)\n[CWE-328](https://cwe.mitre.org/data/definitions/328.html)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our issue tracker](http://github.com/JavaEZLib/JavaEZ/issues)\n* Email us at [javaezlib@gmail.com](mailto:javaezlib@gmail.com)\n",
"id": "GHSA-67fj-6w6m-w5j8",
"modified": "2022-05-25T22:34:15Z",
"published": "2022-05-25T22:34:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/JavaEZLib/JavaEZ/security/advisories/GHSA-67fj-6w6m-w5j8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29249"
},
{
"type": "PACKAGE",
"url": "https://github.com/JavaEZLib/JavaEZ"
},
{
"type": "WEB",
"url": "https://github.com/JavaEZLib/JavaEZ/releases/tag/1.7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Reversible One-Way Hash in io.github.javaezlib:JavaEZ"
}
GHSA-67RP-QVHX-GP49
Vulnerability from github – Published: 2022-05-14 04:03 – Updated: 2022-05-14 04:03A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
{
"affected": [],
"aliases": [
"CVE-2017-14090"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-16T02:29:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.",
"id": "GHSA-67rp-qvhx-gp49",
"modified": "2022-05-14T04:03:37Z",
"published": "2022-05-14T04:03:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14090"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/1118486"
},
{
"type": "WEB",
"url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-68PF-56RH-7FJ8
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.
{
"affected": [],
"aliases": [
"CVE-2018-6653"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-01T00:29:00Z",
"severity": "MODERATE"
},
"details": "comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.",
"id": "GHSA-68pf-56rh-7fj8",
"modified": "2022-05-13T01:53:09Z",
"published": "2022-05-13T01:53:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6653"
},
{
"type": "WEB",
"url": "https://comforte.com/cve-2018-6653"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbns03827en_us"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69H6-426Q-XX8G
Vulnerability from github – Published: 2023-07-05 21:30 – Updated: 2024-04-04 05:23AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
{
"affected": [],
"aliases": [
"CVE-2023-34337"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T19:15:09Z",
"severity": "HIGH"
},
"details": "\nAMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability\u00a0may lead to a loss of confidentiality, integrity, and availability. \n\n\n\n",
"id": "GHSA-69h6-426q-xx8g",
"modified": "2024-04-04T05:23:56Z",
"published": "2023-07-05T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34337"
},
{
"type": "WEB",
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6CH4-944P-WF7J
Vulnerability from github – Published: 2025-08-07 21:31 – Updated: 2025-08-12 15:31ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
{
"affected": [],
"aliases": [
"CVE-2025-45765"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T21:15:27Z",
"severity": "CRITICAL"
},
"details": "ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier\u0027s perspective is \"keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also.\"",
"id": "GHSA-6ch4-944p-wf7j",
"modified": "2025-08-12T15:31:15Z",
"published": "2025-08-07T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45765"
},
{
"type": "WEB",
"url": "https://github.com/jwt/ruby-jwt/issues/668"
},
{
"type": "WEB",
"url": "https://gist.github.com/ZupeiNie/c621253068ce5b64911629534879e8f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FQJ-W26X-Q42V
Vulnerability from github – Published: 2021-12-02 00:00 – Updated: 2021-12-03 00:00IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
{
"affected": [],
"aliases": [
"CVE-2021-20400"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-01T17:15:00Z",
"severity": "HIGH"
},
"details": "IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.",
"id": "GHSA-6fqj-w26x-q42v",
"modified": "2021-12-03T00:00:43Z",
"published": "2021-12-02T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20400"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196074"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6520488"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.