Vulnerabilities (CVE)

CWE filter

CWE-326

Filter

114 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-5056 1 Osram 1 Lightify Pro 2017-04-14 5.0
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
CVE-2016-2379 1 Pidgin 1 Mxit 2017-04-10 3.3
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages...
CVE-2017-5239 1 Eviewgps 1 Ev-07s Gps Tracker Firmware 2017-03-31 5.0
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to...
CVE-2016-9121 1 Go-jose Project 1 Go-jose 2017-03-29 6.4
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as...
CVE-2016-10104 1 Hiteksoftware 1 Automize 2017-03-16 4.3
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to...
CVE-2016-10103 1 Hiteksoftware 1 Automize 2017-03-16 4.3
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x...
CVE-2016-10102 1 Hiteksoftware 1 Automize 2017-03-16 4.3
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to...
CVE-2017-5999 1 Syspass 1 Syspass 2017-03-15 5.0
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael,...
CVE-2016-10101 1 Hiteksoftware 1 Automize 2017-03-15 4.3
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
CVE-2016-2879 1 Ibm 1 Qradar Security Information And Event Manager 2017-03-04 2.1
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.
CVE-2016-4685 1 Apple 1 Iphone Os 2017-02-21 4.3
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
CVE-2016-3034 1 Ibm 1 Security Appscan Source 2017-02-13 2.1
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.
CVE-2015-8086 1 Huawei 7 S5300 Firmware, Quidway S5300 Firmware, Ar Firmware and 4 more 2016-11-28 4.0
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and...
CVE-2015-8085 1 Huawei 7 S5300 Firmware, Quidway S5300 Firmware, Ar Firmware and 4 more 2016-11-28 4.0
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and...