CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
631 vulnerabilities reference this CWE, most recent first.
GHSA-M89F-H769-X259
Vulnerability from github – Published: 2023-08-15 21:30 – Updated: 2025-11-04 18:30Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
{
"affected": [],
"aliases": [
"CVE-2023-4333"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-15T19:15:11Z",
"severity": "MODERATE"
},
"details": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows",
"id": "GHSA-m89f-h769-x259",
"modified": "2025-11-04T18:30:42Z",
"published": "2023-08-15T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4333"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/resources/product-security-center"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M9RF-7FMW-CWW6
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.
{
"affected": [],
"aliases": [
"CVE-2020-4594"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-13T19:15:00Z",
"severity": "HIGH"
},
"details": "IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.",
"id": "GHSA-m9rf-7fmw-cww6",
"modified": "2022-05-24T17:38:59Z",
"published": "2022-05-24T17:38:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4594"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184800"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6403463"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MC32-9QQV-RF25
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information.
{
"affected": [],
"aliases": [
"CVE-2019-19891"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-13T18:15:00Z",
"severity": "MODERATE"
},
"details": "An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information.",
"id": "GHSA-mc32-9qqv-rf25",
"modified": "2022-05-24T17:06:05Z",
"published": "2022-05-24T17:06:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19891"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MCCF-9MCX-74PC
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
{
"affected": [],
"aliases": [
"CVE-2016-5919"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-16T20:59:00Z",
"severity": "HIGH"
},
"details": "IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.",
"id": "GHSA-mccf-9mcx-74pc",
"modified": "2022-05-13T01:14:05Z",
"published": "2022-05-13T01:14:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5919"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996868"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MFPM-R2J3-W7VR
Vulnerability from github – Published: 2023-11-09 15:30 – Updated: 2023-11-20 18:30The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
{
"affected": [],
"aliases": [
"CVE-2023-47372"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-09T15:15:09Z",
"severity": "MODERATE"
},
"details": "The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.",
"id": "GHSA-mfpm-r2j3-w7vr",
"modified": "2023-11-20T18:30:46Z",
"published": "2023-11-09T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47372"
},
{
"type": "WEB",
"url": "https://github.com/syz913/CVE-reports/blob/main/UPDATESALON%20C-LOUNGE.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MFPQ-74CH-R5X4
Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2022-05-14 01:06IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.
{
"affected": [],
"aliases": [
"CVE-2017-1665"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-04T17:29:00Z",
"severity": "MODERATE"
},
"details": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.",
"id": "GHSA-mfpq-74ch-r5x4",
"modified": "2022-05-14T01:06:14Z",
"published": "2022-05-14T01:06:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1665"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4262"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH8F-5GW2-5WGH
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2026-04-16 15:31The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
{
"affected": [],
"aliases": [
"CVE-2020-1968"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-09T14:15:00Z",
"severity": "MODERATE"
},
"details": "The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).",
"id": "GHSA-mh8f-5gw2-5wgh",
"modified": "2026-04-16T15:31:26Z",
"published": "2022-05-24T17:27:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200911-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4504-1"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20200909.txt"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHR9-83M9-MFGJ
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.
{
"affected": [],
"aliases": [
"CVE-2019-8772"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.",
"id": "GHSA-mhr9-83m9-mfgj",
"modified": "2022-05-24T17:04:33Z",
"published": "2022-05-24T17:04:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8772"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210634"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210722"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJ68-CHX7-GHQ2
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:16IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.
{
"affected": [],
"aliases": [
"CVE-2018-2007"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-29T17:29:00Z",
"severity": "HIGH"
},
"details": "IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.",
"id": "GHSA-mj68-chx7-ghq2",
"modified": "2024-04-04T00:16:47Z",
"published": "2022-05-24T16:44:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2007"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155078"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10874952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJG4-5RFJ-952F
Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:05The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
{
"affected": [],
"aliases": [
"CVE-2011-4121"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-26T05:15:00Z",
"severity": "CRITICAL"
},
"details": "The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of \u00271\u0027 to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.",
"id": "GHSA-mjg4-5rfj-952f",
"modified": "2024-04-03T23:05:48Z",
"published": "2022-04-22T00:24:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4121"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2011-4121"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4121"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/07/01/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.