CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
631 vulnerabilities reference this CWE, most recent first.
GHSA-6H88-QJPV-P32M
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2022-04-25 16:33The OpenSSL gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-7798"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:19:22Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The OpenSSL gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.",
"id": "GHSA-6h88-qjpv-p32m",
"modified": "2022-04-25T16:33:57Z",
"published": "2017-10-24T18:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7798"
},
{
"type": "WEB",
"url": "https://github.com/ruby/openssl/issues/49"
},
{
"type": "WEB",
"url": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6h88-qjpv-p32m"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruby/openssl"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2016-7798.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210121065227/https://www.securityfocus.com/bid/93031/info"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/09/19/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/01/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenSSL gem for Ruby using inadequate encryption strength"
}
GHSA-6J7Q-RMRP-5G6F
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.
{
"affected": [],
"aliases": [
"CVE-2020-11719"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-23T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.",
"id": "GHSA-6j7q-rmrp-5g6f",
"modified": "2022-05-24T17:37:00Z",
"published": "2022-05-24T17:37:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11719"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/160625/Programi-Bilanc-Build-007-Release-014-31.01.2020-Static-Key.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Dec/35"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6J9J-GVJ5-P6JX
Vulnerability from github – Published: 2022-04-07 00:00 – Updated: 2022-04-14 00:00An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
{
"affected": [],
"aliases": [
"CVE-2021-45104"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-06T02:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users\u0027 jobs and data.",
"id": "GHSA-6j9j-gvj5-p6jx",
"modified": "2022-04-14T00:00:31Z",
"published": "2022-04-07T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45104"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0006"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2022-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6JVC-Q2X7-PCHV
Vulnerability from github – Published: 2022-12-28 00:30 – Updated: 2026-02-03 17:28The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/aws/aws-sdk-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.34.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2582"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T18:53:40Z",
"nvd_published_at": "2022-12-27T22:15:00Z",
"severity": "MODERATE"
},
"details": "The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.",
"id": "GHSA-6jvc-q2x7-pchv",
"modified": "2026-02-03T17:28:52Z",
"published": "2022-12-28T00:30:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2582"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-sdk-go"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field"
}
GHSA-6M5F-J7W2-W953
Vulnerability from github – Published: 2026-03-20 20:49 – Updated: 2026-03-25 20:30Summary
The createKeys() function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the generateKeys.json.php and encryptMessage.json.php endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.
Details
The vulnerability originates in plugin/LoginControl/pgp/functions.php at line 26:
// plugin/LoginControl/pgp/functions.php:26
$privateKey = RSA::createKey(512);
This code was copied from the singpolyma/openpgp-php library's example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:
-
Key generation: When a user enables PGP 2FA, the UI calls
createKeys()which generates a 512-bit RSA keypair. The public key is saved to the database viasavePublicKey.json.php. -
Challenge creation (
LoginControl.php:520-531): During login, auniqid()token is generated, stored in the session, and encrypted with the user's stored public key:
// LoginControl.php:525-530
$_SESSION['user']['challenge']['text'] = uniqid();
$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION['user']['challenge']['text']);
- Challenge verification (
LoginControl.php:533-539): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:
// LoginControl.php:534
if ($response == $_SESSION['user']['challenge']['text']) {
Since 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.
Unauthenticated endpoints (compounding issue):
generateKeys.json.php does not include configuration.php and has no authentication check:
// plugin/LoginControl/pgp/generateKeys.json.php:1-2
<?php
require_once '../../../plugin/LoginControl/pgp/functions.php';
Similarly, encryptMessage.json.php has no authentication. Both are accessible to anonymous users, enabling abuse of CPU-intensive RSA key generation for denial-of-service.
PoC
Step 1: Obtain the target user's 512-bit public key
The public key must be obtained through a side channel (e.g., the user sharing it per PGP conventions, another vulnerability leaking database contents, or admin access). The key is stored in the users_externalOptions table under the key PGPKey.
Step 2: Extract the RSA modulus from the public key
# Extract the modulus from the PGP public key
echo "$PUBLIC_KEY_ARMOR" | gpg --import 2>/dev/null
gpg --list-keys --with-key-data | grep '^pub'
# Or use Python:
python3 -c "
from Crypto.PublicKey import RSA
# Parse the PGP key and extract RSA modulus N
# N will be a ~155-digit number (512 bits)
print(f'N = {key.n}')
"
Step 3: Factor the 512-bit modulus
# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)
cado-nfs.py <modulus_decimal>
# Or using msieve:
msieve -v <modulus_decimal>
# Output: p = <factor1>, q = <factor2>
Step 4: Reconstruct the private key and decrypt the 2FA challenge
from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
# From factoring step
p = <factor1>
q = <factor2>
n = p * q
e = 65537
d = inverse(e, (p-1)*(q-1))
# Reconstruct private key
privkey = RSA.construct((n, e, d, p, q))
# Decrypt the PGP-encrypted challenge from the login page
# and submit the plaintext to verifyChallenge.json.php
Step 5: Submit decrypted challenge to bypass 2FA
curl -b "session_cookie" \
"https://target/plugin/LoginControl/pgp/verifyChallenge.json.php" \
-d "response=<decrypted_uniqid_value>"
# Expected: {"error":false,"msg":"","response":"<value>"}
Unauthenticated endpoint abuse:
# No authentication required — CPU-intensive 512-bit RSA keygen
curl "https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test&keyName=test&keyEmail=test@test.com"
# Returns: {"error":false,"public":"-----BEGIN PGP PUBLIC KEY BLOCK-----...","private":"-----BEGIN PGP PRIVATE KEY BLOCK-----..."}
Impact
- 2FA Bypass: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.
- Account Takeover: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.
- Denial of Service: The unauthenticated
generateKeys.json.phpendpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting. - Scope: All users who enabled PGP 2FA using the application's built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.
Recommended Fix
1. Increase RSA key size to 2048 bits minimum (plugin/LoginControl/pgp/functions.php:26):
// Before:
$privateKey = RSA::createKey(512);
// After:
$privateKey = RSA::createKey(2048);
2. Add authentication to generateKeys.json.php (match the pattern used in decryptMessage.json.php):
<?php
require_once '../../../videos/configuration.php';
require_once '../../../plugin/LoginControl/pgp/functions.php';
header('Content-Type: application/json');
$obj = new stdClass();
$obj->error = true;
$plugin = AVideoPlugin::loadPluginIfEnabled('LoginControl');
if (!User::isLogged()) {
$obj->msg = "Authentication required";
die(json_encode($obj));
}
// ... rest of existing code
3. Add authentication to encryptMessage.json.php (same pattern):
<?php
require_once '../../../videos/configuration.php';
require_once '../../../plugin/LoginControl/pgp/functions.php';
// Add auth check before processing
if (!User::isLogged()) {
$obj->msg = 'Authentication required';
die(json_encode($obj));
}
4. Add minimum key size validation in savePublicKey.json.php to reject weak keys regardless of how they were generated:
// After line 26, before saving:
$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST['publicKey'], 'PGP PUBLIC KEY BLOCK'));
if ($keyData && $keyData[0] instanceof OpenPGP_PublicKeyPacket) {
$bitLength = strlen($keyData[0]->key['n']) * 8;
if ($bitLength < 2048) {
$obj->msg = "Key size too small. Minimum 2048 bits required.";
die(json_encode($obj));
}
}
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wwbn/avideo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "26.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33488"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T20:49:06Z",
"nvd_published_at": "2026-03-23T16:16:49Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThe `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.\n\n## Details\n\nThe vulnerability originates in `plugin/LoginControl/pgp/functions.php` at line 26:\n\n```php\n// plugin/LoginControl/pgp/functions.php:26\n$privateKey = RSA::createKey(512);\n```\n\nThis code was copied from the `singpolyma/openpgp-php` library\u0027s example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:\n\n1. **Key generation**: When a user enables PGP 2FA, the UI calls `createKeys()` which generates a 512-bit RSA keypair. The public key is saved to the database via `savePublicKey.json.php`.\n\n2. **Challenge creation** (`LoginControl.php:520-531`): During login, a `uniqid()` token is generated, stored in the session, and encrypted with the user\u0027s stored public key:\n```php\n// LoginControl.php:525-530\n$_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027] = uniqid();\n$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027]);\n```\n\n3. **Challenge verification** (`LoginControl.php:533-539`): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:\n```php\n// LoginControl.php:534\nif ($response == $_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027]) {\n```\n\nSince 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.\n\n**Unauthenticated endpoints** (compounding issue):\n\n`generateKeys.json.php` does not include `configuration.php` and has no authentication check:\n```php\n// plugin/LoginControl/pgp/generateKeys.json.php:1-2\n\u003c?php\nrequire_once \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\n```\n\nSimilarly, `encryptMessage.json.php` has no authentication. Both are accessible to anonymous users, enabling abuse of CPU-intensive RSA key generation for denial-of-service.\n\n## PoC\n\n**Step 1: Obtain the target user\u0027s 512-bit public key**\n\nThe public key must be obtained through a side channel (e.g., the user sharing it per PGP conventions, another vulnerability leaking database contents, or admin access). The key is stored in the `users_externalOptions` table under the key `PGPKey`.\n\n**Step 2: Extract the RSA modulus from the public key**\n\n```bash\n# Extract the modulus from the PGP public key\necho \"$PUBLIC_KEY_ARMOR\" | gpg --import 2\u003e/dev/null\ngpg --list-keys --with-key-data | grep \u0027^pub\u0027\n# Or use Python:\npython3 -c \"\nfrom Crypto.PublicKey import RSA\n# Parse the PGP key and extract RSA modulus N\n# N will be a ~155-digit number (512 bits)\nprint(f\u0027N = {key.n}\u0027)\n\"\n```\n\n**Step 3: Factor the 512-bit modulus**\n\n```bash\n# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)\ncado-nfs.py \u003cmodulus_decimal\u003e\n# Or using msieve:\nmsieve -v \u003cmodulus_decimal\u003e\n# Output: p = \u003cfactor1\u003e, q = \u003cfactor2\u003e\n```\n\n**Step 4: Reconstruct the private key and decrypt the 2FA challenge**\n\n```python\nfrom Crypto.PublicKey import RSA\nfrom Crypto.Util.number import inverse\n\n# From factoring step\np = \u003cfactor1\u003e\nq = \u003cfactor2\u003e\nn = p * q\ne = 65537\nd = inverse(e, (p-1)*(q-1))\n\n# Reconstruct private key\nprivkey = RSA.construct((n, e, d, p, q))\n\n# Decrypt the PGP-encrypted challenge from the login page\n# and submit the plaintext to verifyChallenge.json.php\n```\n\n**Step 5: Submit decrypted challenge to bypass 2FA**\n\n```bash\ncurl -b \"session_cookie\" \\\n \"https://target/plugin/LoginControl/pgp/verifyChallenge.json.php\" \\\n -d \"response=\u003cdecrypted_uniqid_value\u003e\"\n# Expected: {\"error\":false,\"msg\":\"\",\"response\":\"\u003cvalue\u003e\"}\n```\n\n**Unauthenticated endpoint abuse:**\n\n```bash\n# No authentication required \u2014 CPU-intensive 512-bit RSA keygen\ncurl \"https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test\u0026keyName=test\u0026keyEmail=test@test.com\"\n# Returns: {\"error\":false,\"public\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----...\",\"private\":\"-----BEGIN PGP PRIVATE KEY BLOCK-----...\"}\n```\n\n## Impact\n\n- **2FA Bypass**: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.\n- **Account Takeover**: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.\n- **Denial of Service**: The unauthenticated `generateKeys.json.php` endpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting.\n- **Scope**: All users who enabled PGP 2FA using the application\u0027s built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.\n\n## Recommended Fix\n\n**1. Increase RSA key size to 2048 bits minimum** (`plugin/LoginControl/pgp/functions.php:26`):\n\n```php\n// Before:\n$privateKey = RSA::createKey(512);\n\n// After:\n$privateKey = RSA::createKey(2048);\n```\n\n**2. Add authentication to `generateKeys.json.php`** (match the pattern used in `decryptMessage.json.php`):\n\n```php\n\u003c?php\nrequire_once \u0027../../../videos/configuration.php\u0027;\nrequire_once \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\nheader(\u0027Content-Type: application/json\u0027);\n\n$obj = new stdClass();\n$obj-\u003eerror = true;\n\n$plugin = AVideoPlugin::loadPluginIfEnabled(\u0027LoginControl\u0027);\n\nif (!User::isLogged()) {\n $obj-\u003emsg = \"Authentication required\";\n die(json_encode($obj));\n}\n// ... rest of existing code\n```\n\n**3. Add authentication to `encryptMessage.json.php`** (same pattern):\n\n```php\n\u003c?php\nrequire_once \u0027../../../videos/configuration.php\u0027;\nrequire_once \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\n// Add auth check before processing\nif (!User::isLogged()) {\n $obj-\u003emsg = \u0027Authentication required\u0027;\n die(json_encode($obj));\n}\n```\n\n**4. Add minimum key size validation in `savePublicKey.json.php`** to reject weak keys regardless of how they were generated:\n\n```php\n// After line 26, before saving:\n$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST[\u0027publicKey\u0027], \u0027PGP PUBLIC KEY BLOCK\u0027));\nif ($keyData \u0026\u0026 $keyData[0] instanceof OpenPGP_PublicKeyPacket) {\n $bitLength = strlen($keyData[0]-\u003ekey[\u0027n\u0027]) * 8;\n if ($bitLength \u003c 2048) {\n $obj-\u003emsg = \"Key size too small. Minimum 2048 bits required.\";\n die(json_encode($obj));\n }\n}\n```",
"id": "GHSA-6m5f-j7w2-w953",
"modified": "2026-03-25T20:30:55Z",
"published": "2026-03-20T20:49:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33488"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e"
},
{
"type": "PACKAGE",
"url": "https://github.com/WWBN/AVideo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin"
}
GHSA-6MX7-73WW-9V6X
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-07-13 00:01IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.
{
"affected": [],
"aliases": [
"CVE-2021-29794"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-12T16:15:00Z",
"severity": "HIGH"
},
"details": "IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556.",
"id": "GHSA-6mx7-73ww-9v6x",
"modified": "2022-07-13T00:01:17Z",
"published": "2022-05-24T19:07:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29794"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203556"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6469953"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6P6V-M64V-JX8Q
Vulnerability from github – Published: 2025-10-15 09:30 – Updated: 2026-06-08 19:46This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0.
Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.
When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.
This vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.
To mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or enable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.spark:spark-network-common_2.13"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.spark:spark-network-common_2.13"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.spark:spark-network-common_2.12"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.spark:spark-network-common_2.12"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "pyspark"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "pyspark"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55039"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-15T18:58:35Z",
"nvd_published_at": "2025-10-15T08:15:38Z",
"severity": "LOW"
},
"details": "This issue affects Apache Spark versions before 3.4.4,\u00a03.5.2 and 4.0.0.\n\nApache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.\n\nWhen spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.\n\nThis vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.\n\nTo mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or enable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security.",
"id": "GHSA-6p6v-m64v-jx8q",
"modified": "2026-06-08T19:46:17Z",
"published": "2025-10-15T09:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55039"
},
{
"type": "WEB",
"url": "https://github.com/apache/spark/commit/05ba74e5f8043601b7af530429ceaf828d7bb329"
},
{
"type": "WEB",
"url": "https://github.com/apache/spark/commit/405b23b1aef889fad03bf4e3ced6d427dc9a43f4"
},
{
"type": "WEB",
"url": "https://github.com/apache/spark/commit/f0563ef64c7f42df21b16ccaeb4cf1324ea720f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/spark"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2025-184.yaml"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SPARK-47172"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/14/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Apache Spark has Inadequate Encryption Strength"
}
GHSA-6PR6-2GRV-9MC6
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.
{
"affected": [],
"aliases": [
"CVE-2020-18220"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T20:15:00Z",
"severity": "HIGH"
},
"details": "Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.",
"id": "GHSA-6pr6-2grv-9mc6",
"modified": "2022-05-24T19:02:49Z",
"published": "2022-05-24T19:02:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18220"
},
{
"type": "WEB",
"url": "https://github.com/doramart/DoraCMS/issues/190"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6Q4X-JXMF-PJPX
Vulnerability from github – Published: 2022-05-14 03:29 – Updated: 2022-05-14 03:29IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.
{
"affected": [],
"aliases": [
"CVE-2015-4953"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-29T18:29:00Z",
"severity": "MODERATE"
},
"details": "IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.",
"id": "GHSA-6q4x-jxmf-pjpx",
"modified": "2022-05-14T03:29:33Z",
"published": "2022-05-14T03:29:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4953"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/105197"
},
{
"type": "WEB",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21972041"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6W64-P2VC-5PH5
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.
{
"affected": [],
"aliases": [
"CVE-2018-1665"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-13T16:29:00Z",
"severity": "HIGH"
},
"details": "IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891.",
"id": "GHSA-6w64-p2vc-5ph5",
"modified": "2022-05-13T01:32:58Z",
"published": "2022-05-13T01:32:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1665"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144891"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.