CWE-326 (Inadequate Encryption Strength) — Vulnerability Class 115

115 vulnerabilities classified as CWE-326 (Inadequate Encryption Strength). AI Chinese analysis included.

CWE-326 represents a critical cryptographic weakness where sensitive data is protected by encryption algorithms that, while theoretically valid, lack the necessary strength to withstand modern computational attacks. This vulnerability typically manifests when developers employ outdated ciphers, insufficient key lengths, or deprecated protocols, leaving data vulnerable to brute-force attacks that can successfully decrypt information using readily available resources. Attackers exploit this by intercepting transmitted data or accessing stored files, bypassing security controls through sheer computational power rather than complex mathematical breakthroughs. To mitigate this risk, developers must adhere to current cryptographic standards, utilizing robust algorithms like AES with adequate key sizes, and regularly updating libraries to ensure encryption strength aligns with contemporary threat landscapes and regulatory compliance requirements.

MITRE CWE Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Common Consequences (1)
Scope: Access Control, Confidentiality. Impact: Bypass Protection Mechanism, Read Application Data.
An attacker may be able to decrypt the data using brute force attacks.
Mitigations (1)
Architecture and Design: Use an encryption scheme that is currently considered to be strong by experts in the field.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-20406 | IBM Security Verify Information Queue information disclosure — Security Verify Information Queue | 2.2 | Low | 2021-02-12 |
| CVE-2020-25685 | dnsmasq cryptographic issue vulnerability — dnsmasq | 3.7 | - | 2021-01-20 |
| CVE-2020-26263 | RSA vulnerability in tslite-ng — tlslite-ng | 7.5 | High | 2020-12-21 |
| CVE-2020-7565 | Schneider Electric Modicon M221 cryptographic issue vulnerability — Modicon M221, all references, all versions | 7.3 | - | 2020-11-19 |
| CVE-2020-3549 | Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability — Cisco Firepower Management Center | 6.5 | - | 2020-10-21 |
| CVE-2020-14517 | WIBU CodeMeter cryptographic issue vulnerability — CodeMeter | 9.8 | - | 2020-09-16 |
| CVE-2020-10125 | NCR SelfServ ATMs APTRA XFS cryptographic issue vulnerability — SelfServ ATM | 7.6 | - | 2020-08-21 |
| CVE-2020-1982 | PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services — PAN-OS | 4.8 | Medium | 2020-07-08 |
| CVE-2019-19101 | Incomplete communication encryption and validation in B&R Automation Studio upgrade service — Automation Studio | 6.5 | Medium | 2020-04-29 |
| CVE-2020-10601 | VISAM VBASE Editor and VBASE Web-Remote Module cryptographic issue vulnerability — VBASE Editor | 7.8 | - | 2020-04-03 |
| CVE-2019-14855 | GnuPG cryptographic issue vulnerability — gnupg2 | 6.2 | - | 2020-03-20 |
| CVE-2019-19299 | Siemens SiNVR 3 Central Control Server and SiNVR 3 Video Server cryptographic issue vulnerability — SiNVR/SiVMS Video Server | 7.5 | High | 2020-03-10 |
| CVE-2020-6966 | Multiple GE products cryptographic issue vulnerability — GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station, Clinical Information Center systems, CARESCAPE B450, B650, B850 Monitors | 10.0 | - | 2020-01-24 |
| CVE-2019-18263 | Multiple Philips products cryptographic issue vulnerability — Philips Veradius Unity, Pulsera, and Endura Dual WAN Router | 6.5 | - | 2019-12-20 |
| CVE-2019-18241 | Philips IntelliBridge EC40 Hub and IntelliBridge EC80 Hub cryptographic issue vulnerability — Philips IntelliBridge EC40 and EC80 | 8.1 | - | 2019-11-25 |
| CVE-2018-19001 | Philips HealthSuite Health Android App security vulnerability — Philips HealthSuite Health Android App | 5.2 | - | 2018-12-07 |
| CVE-2018-0448 | Cisco Digital Network Architecture Center Authentication Bypass Vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 9.8 | - | 2018-10-05 |
| CVE-2018-0131 | Cisco IOS Software and Cisco IOS XE Software security vulnerability — IOS and IOS XE | 5.9 | - | 2018-08-14 |
| CVE-2017-9635 | Schneider Electric Ampla MES security vulnerability — Ampla MES | 8.1 | - | 2018-05-18 |
| CVE-2018-4839 | Multiple Siemens products cryptographic issue vulnerability — DIGSI 4 | 5.9 | - | 2018-03-08 |
| CVE-2018-5461 | Multiple Belden products security vulnerability — Hirschmann Automation and Control GmbH Classic Platform Switches | 5.9 | - | 2018-03-06 |
| CVE-2017-9645 | Multiple Mirion Technologies products security vulnerability — Mirion Technologies Telemetry Enabled Devices | 6.5 | - | 2017-09-20 |
| CVE-2014-9199 | Clorius Controls A/S ISC SCADA Insecure Java Client Inadequate Encryption Strength — A/S Java web client | 9.1 | - | 2015-01-17 |
| CVE-2014-2380 | Schneider Electric Wonderware Inadequate Encryption Strength — Wonderware Information Server Portal | 7.5 | - | 2014-08-28 |
| CVE-2014-2381 | Schneider Electric Wonderware Inadequate Encryption Strength — Wonderware Information Server Portal | 6.2 | - | 2014-08-28 |

Vulnerabilities classified as CWE-326 (Inadequate Encryption Strength) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.