CWE-326 (Inadequate Encryption Strength) — Vulnerability Class 115

115 vulnerabilities classified as CWE-326 (Inadequate Encryption Strength). AI Chinese analysis included.

CWE-326 represents a critical cryptographic weakness where sensitive data is protected by encryption algorithms that, while theoretically valid, lack the necessary strength to withstand modern computational attacks. This vulnerability typically manifests when developers employ outdated ciphers, insufficient key lengths, or deprecated protocols, leaving data vulnerable to brute-force attacks that can successfully decrypt information using readily available resources. Attackers exploit this by intercepting transmitted data or accessing stored files, bypassing security controls through sheer computational power rather than complex mathematical breakthroughs. To mitigate this risk, developers must adhere to current cryptographic standards, utilizing robust algorithms like AES with adequate key sizes, and regularly updating libraries to ensure encryption strength aligns with contemporary threat landscapes and regulatory compliance requirements.

MITRE CWE Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Common Consequences (1)
Scope: Access Control, Confidentiality
Impact: Bypass Protection Mechanism, Read Application Data
An attacker may be able to decrypt the data using brute force attacks.
Mitigations (1)
Phase: Architecture and Design
Use an encryption scheme that is currently considered to be strong by experts in the field.
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-1764 | Canon IJ Network Tool cryptographic issue vulnerability | Canon IJ NW Tool | 6.5 | Medium | 2023-05-17 |
| CVE-2022-4048 | CODESYS V3 prone to Inadequate Encryption Strength | CODESYS Development System V3 | 7.7 | High | 2023-05-15 |
| CVE-2023-2197 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM | Vault Enterprise | 2.5 | Low | 2023-05-01 |
| CVE-2023-28124 | UI Desktop cryptographic issue vulnerability | UI Desktop for Windows | 5.5 | - | 2023-04-19 |
| CVE-2023-29054 | Siemens SCALANCE cryptographic issue vulnerability | SCALANCE X200-4P IRT | 6.7 | Medium | 2023-04-11 |
| CVE-2023-27987 | Apache Linkis gateway module token authentication bypass | Apache Linkis | 9.1 | - | 2023-04-10 |
| CVE-2022-34385 | Dell SupportAssist Client cryptographic issue vulnerability | SupportAssist Client Consumer | 5.5 | Medium | 2023-02-10 |
| CVE-2023-21443 | SAMSUNG Flow cryptographic issue vulnerability | Samsung Flow for Android | 7.5 | High | 2023-02-09 |
| CVE-2023-21444 | SAMSUNG Flow cryptographic issue vulnerability | Samsung Flow for PC | 7.5 | High | 2023-02-09 |
| CVE-2021-40341 | Weak DES encryption | FOXMAN-UN | 7.1 | High | 2023-01-05 |
| CVE-2022-2640 | Horner Automation Remote Compact Controller cryptographic issue vulnerability | Remote Compact Controller (RCC) 972 | 7.5 | High | 2022-12-12 |
| CVE-2020-4099 | HCL Verse for Android is susceptible to an APK signing key check vulnerability | HCL Verse for Android | 5.9 | Medium | 2022-11-01 |
| CVE-2022-41209 | SAP Customer Data Cloud cryptographic issue vulnerability | SAP Customer Data Cloud (Gigya) | 5.2 | - | 2022-10-11 |
| CVE-2021-35226 | Hashed Credential Exposure Vulnerability | Network Configuration Manager | 6.5 | Medium | 2022-10-10 |
| CVE-2022-2758 | Update | XG5000 | 6.5 | Medium | 2022-08-31 |
| CVE-2022-26306 | Execution of Untrusted Macros Due to Improper Certificate Validation | LibreOffice | 9.1 | - | 2022-07-25 |
| CVE-2022-26307 | Weak Master Keys | LibreOffice | 8.8 | - | 2022-07-25 |
| CVE-2020-16235 | Emerson OpenEnterprise - Inadequate Encryption Strength | Open Enterprise | 3.8 | Low | 2022-05-19 |
| CVE-2021-32010 | Clients may connect to a GateManager with TLS 1.0 | SiteManager | 5.6 | Medium | 2022-05-04 |
| CVE-2022-1318 | Hills ComNav Inadequate Encryption Strength | ComNav | 6.2 | Medium | 2022-04-20 |
| CVE-2021-32945 | MDT AutoSave Inadequate Encryption Strength | MDT AutoSave | 7.5 | High | 2022-04-01 |
| CVE-2021-37209 | Siemens RUGGEDCOM cryptographic issue vulnerability | RUGGEDCOM i800 | 6.7 | Medium | 2022-03-08 |
| CVE-2020-10636 | ICSA-20-140-02 Emerson OpenEnterprise | OpenEnterprise SCADA Software | 6.5 | Medium | 2022-02-24 |
| CVE-2022-24318 | EcoStruxure Geo SCADA Expert cryptographic issue vulnerability | ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | 7.5 | - | 2022-02-09 |
| CVE-2021-36337 | Dell Wyse Management Suite cryptographic issue vulnerability | Wyse Management Suite | 6.5 | Medium | 2021-12-21 |
| CVE-2021-38464 | InHand Networks IR615 Router | IR615 Router | 6.4 | Medium | 2021-10-19 |
| CVE-2018-16499 | Versa VOS cryptographic issue vulnerability | Versa VOS | 5.9 | - | 2021-05-26 |
| CVE-2021-27457 | Emerson Rosemount X-STREAM Gas Analyzer cryptographic issue vulnerability | Emerson Rosemount X-STREAM Gas Analyzer | 7.5 | - | 2021-05-20 |
| CVE-2020-26197 | Dell Technologies Dell PowerScale OneFS cryptographic issue vulnerability | PowerScale OneFS | 7.5 | High | 2021-04-20 |
| CVE-2021-27450 | Grid Solutions GE MU320E cryptographic issue vulnerability | MU320E | 8.1 | - | 2021-03-25 |

Vulnerabilities classified as CWE-326 (Inadequate Encryption Strength) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.