CWE-326 (Inadequate Encryption Strength) — Vulnerability Class 115

115 vulnerabilities classified as CWE-326 (Inadequate Encryption Strength). AI Chinese analysis included.

CWE-326 represents a critical cryptographic weakness where sensitive data is protected by encryption algorithms that, while theoretically valid, lack the necessary strength to withstand modern computational attacks. This vulnerability typically manifests when developers employ outdated ciphers, insufficient key lengths, or deprecated protocols, leaving data vulnerable to brute-force attacks that can successfully decrypt information using readily available resources. Attackers exploit this by intercepting transmitted data or accessing stored files, bypassing security controls through sheer computational power rather than complex mathematical breakthroughs. To mitigate this risk, developers must adhere to current cryptographic standards, utilizing robust algorithms like AES with adequate key sizes, and regularly updating libraries to ensure encryption strength aligns with contemporary threat landscapes and regulatory compliance requirements.

MITRE CWE Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Common Consequences (1)
Scope: Access Control, Confidentiality. Impact: Bypass Protection Mechanism, Read Application Data.
An attacker may be able to decrypt the data using brute force attacks.
Mitigations (1)
Phase: Architecture and Design. Use an encryption scheme that is currently considered to be strong by experts in the field.
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2018-25272 | ELBA5 5.8.0 Remote Code Execution via Database Access — ELBA5 | 9.8 | Critical | 2026-04-22 |
| CVE-2025-1241 | Encryption vulnerable to brute-force decryption in GoAnywhere MFT — GoAnywhere MFT | 5.8 | Medium | 2026-04-21 |
| CVE-2026-5363 | Use of weak cryptographic key in TP-Link Archer C7 — Archer C7 v5 and v5.8 | 7.5 (AI) | High (AI) | 2026-04-15 |
| CVE-2026-39349 | OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure — orangehrm | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-33488 | AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin — AVideo | 7.4 | High | 2026-03-23 |
| CVE-2025-36379 | IBM Security QRadar EDR Software has multiple vulnerabilities — Security QRadar EDR | 5.9 | Medium | 2026-02-17 |
| CVE-2025-68703 | Jervis has a Salt for PBKDF2 derived from password — jervis | 6.5 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2026-0510 | Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping — NW AS Java UME User Mapping | 3.0 | Low | 2026-01-13 |
| CVE-2025-41743 | Sprecher Automation: SPRECON-E series prone to weak encryption of update files — SPRECON-E-C | 4.0 | Medium | 2025-12-02 |
| CVE-2025-11935 | Forward Secrecy Violation in WolfSSL TLS 1.3 — wolfSSL | 8.1 | - | 2025-11-21 |
| CVE-2025-12478 | Non-Compliant TLS Configuration — BLU-IC2 | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-55248 | .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability — .NET 8.0 | 4.8 | Medium | 2025-10-14 |
| CVE-2025-46409 | DOS & CO SS1 cryptographic issue vulnerability — SS1 | 9.1 | - | 2025-08-28 |
| CVE-2025-9513 | editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption — fuso | 3.7 | Low | 2025-08-27 |
| CVE-2025-9239 | elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption — eladmin | 3.7 | Low | 2025-08-20 |
| CVE-2025-45764 | jsrsasign security vulnerability — jsrsasign | 3.2 | Low | 2025-08-06 |
| CVE-2025-36106 | IBM Cognos Analytics Mobile (iOS) information disclosure — Cognos Analytics Mobile | 6.5 | Medium | 2025-07-21 |
| CVE-2025-7398 | Medium Strength Cipher Suites detected on port on ports 9000 and 8036 — Brocade ASCG | 5.9 (AI) | Medium (AI) | 2025-07-17 |
| CVE-2025-48960 | Acronis Cyber Protect cryptographic issue vulnerability — Acronis Cyber Protect 16 | 9.1 (AI) | Critical (AI) | 2025-06-04 |
| CVE-2025-4894 | calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption — Django-sso-server | 3.7 | Low | 2025-05-18 |
| CVE-2025-27524 | Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager — JP1/IT Desktop Management 2 - Smart Device Manager | 5.3 | Medium | 2025-05-15 |
| CVE-2025-46833 | Programs/P73_SimplePythonEncryption.py has weak cryptographic key — python-progrrames | 7.5 (AI) | High (AI) | 2025-05-08 |
| CVE-2025-20667 | MediaTek Chipsets cryptographic issue vulnerability — MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8797 | 7.5 (AI) | High (AI) | 2025-05-05 |
| CVE-2024-42177 | HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities — HCL MyXalytics | 2.6 | Low | 2025-04-17 |
| CVE-2025-2516 | Use of a weak cryptographic key in the signature verification process in WPS Office — WPS Office | 5.9 (AI) | Medium (AI) | 2025-03-27 |
| CVE-2024-54089 | Siemens APOGEE Series cryptographic issue vulnerability — APOGEE PXC Series (BACnet) | 7.5 | High | 2025-02-11 |
| CVE-2024-13454 | easy-rsa cryptographic issue vulnerability — Easy-RSA | 7.1 | - | 2025-01-20 |
| CVE-2024-13026 | Inadequate Encryption Strength Vulnerability in Roche Algo Edge — Algorithm Suite | 8.8 | - | 2025-01-17 |
| CVE-2024-45719 | Apache Answer: Predictable Authorization Token Using UUIDv1 — Apache Answer | 7.5 | - | 2024-11-22 |
| CVE-2024-40761 | Apache Answer: Avatar URL leaked user email addresses — Apache Answer | 7.5 (AI) | High (AI) | 2024-09-25 |

Vulnerabilities classified as CWE-326 (Inadequate Encryption Strength) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.