Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-327
Total 360 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6984 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2020-03-20 5.0 MEDIUM 7.5 HIGH
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.
CVE-2012-5623 1 Squirrelmail 1 Change Passwd 2020-03-10 5.0 MEDIUM 7.5 HIGH
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
CVE-2013-2213 1 Kde 1 Paste Applet 2020-02-24 2.1 LOW 5.5 MEDIUM
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
CVE-2019-4427 2 Ibm, Microsoft 2 Cloud Cli, Windows 2020-02-14 5.0 MEDIUM 7.5 HIGH
IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.
CVE-2020-5229 1 Apereo 1 Opencast 2020-02-05 5.5 MEDIUM 8.1 HIGH
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially for popular users like the default `admin` user. This essentially means that for an attacker, it might be feasible to reconstruct a user's password given access to these hashes. Note that attackers needing access to the hashes means that they must gain access to the database in which these are stored first to be able to start cracking the passwords. The problem is addressed in Opencast 8.1 which now uses the modern and much stronger bcrypt password hashing algorithm for storing passwords. Note, that old hashes remain MD5 until the password is updated. For a list of users whose password hashes are stored using MD5, take a look at the `/user-utils/users/md5.json` REST endpoint.
CVE-2019-3700 1 Suse 1 Yast2-security 2020-02-05 2.1 LOW 3.3 LOW
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes.
CVE-2019-4540 1 Ibm 1 Security Directory Server 2020-02-05 5.0 MEDIUM 7.5 HIGH
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813.
CVE-2019-4639 1 Ibm 1 Security Secret Server 2020-01-30 5.0 MEDIUM 7.5 HIGH
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.
CVE-2020-1810 1 Huawei 6 Cloudengine 12800, Cloudengine 12800 Firmware, S5700 and 3 more 2020-01-21 5.0 MEDIUM 5.3 MEDIUM
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.
CVE-2018-6829 1 Gnupg 1 Libgcrypt 2020-01-15 5.0 MEDIUM 7.5 HIGH
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
CVE-2019-16208 1 Broadcom 1 Brocade Sannav 2019-11-14 5.0 MEDIUM 7.5 HIGH
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
CVE-2018-5745 1 Isc 1 Bind 2019-11-05 3.5 LOW 4.9 MEDIUM
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
CVE-2019-11341 2 Google, Samsung 2 Android, Phone 2019-11-05 2.1 LOW 4.6 MEDIUM
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
CVE-2019-4399 1 Ibm 1 Cloud Orchestrator 2019-10-28 5.0 MEDIUM 7.5 HIGH
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260.
CVE-2019-7477 1 Sonicwall 2 Sonicos, Sonicosv 2019-10-09 5.0 MEDIUM 7.5 HIGH
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
CVE-2019-1828 1 Cisco 4 Rv320, Rv320 Firmware, Rv325 and 1 more 2019-10-09 4.3 MEDIUM 8.1 HIGH
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22.
CVE-2018-5458 1 Philips 1 Intellispace Portal 2019-10-09 5.0 MEDIUM 7.5 HIGH
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
CVE-2018-1428 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.
CVE-2017-5243 1 Rapid7 1 Nexpose 2019-10-09 6.8 MEDIUM 8.5 HIGH
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
CVE-2017-1571 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.