
CWE-326 (Inadequate Encryption Strength) — Vulnerability Class 115

115 vulnerabilities classified as CWE-326 (Inadequate Encryption Strength). AI Chinese analysis included.

CWE-326 represents a critical cryptographic weakness where sensitive data is protected by encryption algorithms that, while theoretically valid, lack the necessary strength to withstand modern computational attacks. This vulnerability typically manifests when developers employ outdated ciphers, insufficient key lengths, or deprecated protocols, leaving data vulnerable to brute-force attacks that can successfully decrypt information using readily available resources. Attackers exploit this by intercepting transmitted data or accessing stored files, bypassing security controls through sheer computational power rather than complex mathematical breakthroughs. To mitigate this risk, developers must adhere to current cryptographic standards, utilizing robust algorithms like AES with adequate key sizes, and regularly updating libraries to ensure encryption strength aligns with contemporary threat landscapes and regulatory compliance requirements.

MITRE CWE Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Common Consequences (1)
Scope: Access Control, Confidentiality
Impact: Bypass Protection Mechanism, Read Application Data
An attacker may be able to decrypt the data using brute force attacks.
Mitigations (1)
Phase: Architecture and Design
Use an encryption scheme that is currently considered to be strong by experts in the field.
CVE ID | Title | CVSS | Severity | Published
CVE-2024-39928 | Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability — Apache Linkis Spark EngineConn | 5.3 (AI) | Medium (AI) | 2024-09-24
CVE-2021-38121 | Weak communication protocol identified in Advance Authentication client application — NetIQ Advance Authentication | 8.3 | High | 2024-08-28
CVE-2024-41681 | Siemens Location Intelligence Perpetual cryptographic issue vulnerability — Location Intelligence family | 6.7 | Medium | 2024-08-13
CVE-2024-42163 | Password Manipulation — FIWARE Keyrock | 8.3 | High | 2024-08-12
CVE-2024-21881 | Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x — Envoy | 8.8 (AI) | High (AI) | 2024-08-10
CVE-2024-5800 | Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime — Automation Runtime | 7.5 (AI) | High (AI) | 2024-08-10
CVE-2024-40719 | CHANGING Information Technology TCBServiSign Windows Version - Inadequate Encryption Strength — TCBServiSign Windows Version | 6.5 | Medium | 2024-08-02
CVE-2024-32758 | exacqVision - Key exchanges — exacqVision | - | - (AI) | 2024-08-01
CVE-2024-38867 | Siemens SIPROTEC 5 cryptographic issue vulnerability — SIPROTEC 5 6MD84 (CP300) | 5.9 | Medium | 2024-07-09
CVE-2024-28974 | Dell Data Protection Advisor cryptographic issue vulnerability — Data Protection Advisor | 7.6 | High | 2024-05-29
CVE-2022-40745 | IBM Aspera Faspex information disclosure — Aspera Faspex | 5.5 | Medium | 2024-04-19
CVE-2023-37397 | IBM Aspera Faspex data manipulation — Aspera Faspex | 3.6 | Low | 2024-04-19
CVE-2024-29969 | TLS/SSL weak message authentication code ciphers are added by default for port 18082 — Brocade SANnav | 7.5 | High | 2024-04-19
CVE-2024-29951 | Brocade SANnav has weak encryption in internal SSH ports — Brocade SANnav | 5.7 | Medium | 2024-04-17
CVE-2024-29950 | Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption — Brocade SANnav | 7.5 | High | 2024-04-17
CVE-2024-3387 | PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure — PAN-OS | 5.3 | Medium | 2024-04-10
CVE-2024-28860 | Insecure IPsec transport encryption in Cilium — cilium | 8.0 | High | 2024-03-27
CVE-2022-32753 | IBM Security Verify Directory information disclosure — Security Verify Directory | 4.5 | Medium | 2024-03-22
CVE-2024-25102 | Information Disclosure Vulnerability in CDAC AppSamvid Software — AppSamvid Software | 7.8 | High | 2024-03-06
CVE-2024-1224 | Information Disclosure Vulnerability in CDAC USB Pratirodh — USB Pratirodh | 7.1 | High | 2024-03-06
CVE-2024-23656 | Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers — dex | 7.5 | High | 2024-01-25
CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability — Windows 10 Version 1809 | 5.7 | Medium | 2024-01-09
CVE-2023-4129 | Dell Data Protection Central cryptographic issue vulnerability — Data Protection Central | 5.9 | Medium | 2023-09-27
CVE-2023-41305 | Huawei HarmonyOS cryptographic issue vulnerability — HarmonyOS | 7.5 | - | 2023-09-26
CVE-2023-34971 | QTS, QuTS hero — QTS | 7.1 | High | 2023-08-24
CVE-2023-4333 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server — LSI Storage Authority (LSA) | 5.5 | - | 2023-08-15
CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass — Windows 10 Version 1809 | 6.8 | Medium | 2023-07-11
CVE-2023-36748 | Siemens RUGGEDCOM ROX series multiple products cryptographic issue vulnerability — RUGGEDCOM ROX MX5000 | 5.9 | Medium | 2023-07-11
CVE-2023-34337 | Inadequate Encryption Strength — MegaRAC_SPx | 7.6 | High | 2023-07-05
CVE-2023-31135 | Dgraph Audit Log Encryption nonce reuse — dgraph | 3.3 | Low | 2023-05-17

Vulnerabilities classified as CWE-326 (Inadequate Encryption Strength) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.