CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
633 vulnerabilities reference this CWE, most recent first.
GHSA-84GM-V5WH-659W
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2025-04-12 12:34OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
{
"affected": [],
"aliases": [
"CVE-2014-0224"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-06-05T21:55:00Z",
"severity": "HIGH"
},
"details": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",
"id": "GHSA-84gm-v5wh-659w",
"modified": "2025-04-12T12:34:39Z",
"published": "2022-05-13T01:05:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224"
},
{
"type": "WEB",
"url": "https://www.novell.com/support/kb/doc.php?id=7015271"
},
{
"type": "WEB",
"url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf"
},
{
"type": "WEB",
"url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf"
},
{
"type": "WEB",
"url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
},
{
"type": "WEB",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
},
{
"type": "WEB",
"url": "https://filezilla-project.org/versions.php?type=server"
},
{
"type": "WEB",
"url": "https://discussions.nessus.org/thread/7517"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
},
{
"type": "WEB",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
},
{
"type": "WEB",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
},
{
"type": "WEB",
"url": "https://access.redhat.com/site/blogs/766093/posts/908133"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
},
{
"type": "WEB",
"url": "http://ccsinjection.lepidum.co.jp"
},
{
"type": "WEB",
"url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
},
{
"type": "WEB",
"url": "http://esupport.trendmicro.com/solution/en-US/1103813.aspx"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29195"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=KB29217"
},
{
"type": "WEB",
"url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"type": "WEB",
"url": "http://puppetlabs.com/security/cve/cve-2014-0224"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0624.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0626.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0627.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0630.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0631.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0632.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0633.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0680.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Jun/38"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58128"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58337"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58385"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58433"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58492"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58579"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58615"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58639"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58660"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58667"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58713"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58714"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58716"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58719"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58742"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58743"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58745"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58759"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58930"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58939"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58945"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58977"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59004"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59012"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59040"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59043"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59055"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59063"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59093"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59101"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59120"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59126"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59132"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59135"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59142"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59162"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59163"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59167"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59175"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59186"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59188"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59189"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59190"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59191"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59192"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59202"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59211"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59214"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59215"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59223"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59231"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59264"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59282"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59284"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59287"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59300"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59301"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59305"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59306"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59310"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59325"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59338"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59342"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59347"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59354"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59362"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59364"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59365"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59368"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59370"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59374"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59375"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59380"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59383"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59389"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59413"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59429"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59435"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59437"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59438"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59440"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59441"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59442"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59444"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59445"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59446"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59447"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59448"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59449"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59450"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59451"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59454"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59459"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59460"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59483"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59490"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59491"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59495"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59502"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59506"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59514"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59518"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59525"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59528"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59529"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59530"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59589"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59602"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59655"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59659"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59661"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59666"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59669"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59677"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59721"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59784"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59824"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59827"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59878"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59885"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59894"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59916"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59990"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60049"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60066"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60176"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60522"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60567"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60571"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60577"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60819"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/61254"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/61815"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6443"
},
{
"type": "WEB",
"url": "http://support.citrix.com/article/CTX140876"
},
{
"type": "WEB",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
},
{
"type": "WEB",
"url": "http://www.blackberry.com/btsc/KB36051"
},
{
"type": "WEB",
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
},
{
"type": "WEB",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-018"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg3T1020948"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IT02314"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
},
{
"type": "WEB",
"url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/978508"
},
{
"type": "WEB",
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"type": "WEB",
"url": "http://www.novell.com/support/kb/doc.php?id=7015264"
},
{
"type": "WEB",
"url": "http://www.novell.com/support/kb/doc.php?id=7015300"
},
{
"type": "WEB",
"url": "http://www.openssl.org/news/secadv_20140605.txt"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1031032"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1031594"
},
{
"type": "WEB",
"url": "http://www.splunk.com/view/SP-CAAAM2D"
},
{
"type": "WEB",
"url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"type": "WEB",
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"type": "WEB",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
},
{
"type": "WEB",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-84JM-9GQ7-8QCH
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
{
"affected": [],
"aliases": [
"CVE-2021-38979"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-15T16:15:00Z",
"severity": "HIGH"
},
"details": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.",
"id": "GHSA-84jm-9gq7-8qch",
"modified": "2022-07-13T00:01:36Z",
"published": "2022-05-24T19:20:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38979"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6516034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-86R9-39J9-99WP
Vulnerability from github – Published: 2021-06-23 17:17 – Updated: 2021-05-20 16:54go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "gopkg.in/square/go-jose.v1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/square/go-jose"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-9121"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T16:54:50Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.",
"id": "GHSA-86r9-39j9-99wp",
"modified": "2021-05-20T16:54:50Z",
"published": "2021-06-23T17:17:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9121"
},
{
"type": "WEB",
"url": "https://github.com/square/go-jose/commit/c7581939a3656bb65e89d64da0a52364a33d2507"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/164590"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0010"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2016/11/03/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Elliptic Curve Key Disclosure in go-jose"
}
GHSA-877X-WH4J-H3GM
Vulnerability from github – Published: 2022-05-14 03:50 – Updated: 2022-05-14 03:50IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.
{
"affected": [],
"aliases": [
"CVE-2017-1664"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-04T17:29:00Z",
"severity": "MODERATE"
},
"details": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.",
"id": "GHSA-877x-wh4j-h3gm",
"modified": "2022-05-14T03:50:24Z",
"published": "2022-05-14T03:50:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1664"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133557"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012027"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102470"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-87G3-RX63-RRCH
Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2025-06-03 21:30The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
{
"affected": [],
"aliases": [
"CVE-2021-42949"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-16T15:15:00Z",
"severity": "CRITICAL"
},
"details": "The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.",
"id": "GHSA-87g3-rx63-rrch",
"modified": "2025-06-03T21:30:30Z",
"published": "2022-09-17T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42949"
},
{
"type": "WEB",
"url": "https://github.com/dhammon/HotelDruid-CVE-2021-42949"
},
{
"type": "WEB",
"url": "https://github.com/dhammon/Security"
},
{
"type": "WEB",
"url": "https://www.hoteldruid.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87P9-XF94-P7QH
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php
{
"affected": [],
"aliases": [
"CVE-2020-24925"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-15T13:15:00Z",
"severity": "HIGH"
},
"details": "A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php",
"id": "GHSA-87p9-xf94-p7qh",
"modified": "2022-05-24T17:28:20Z",
"published": "2022-05-24T17:28:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24925"
},
{
"type": "WEB",
"url": "https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html"
},
{
"type": "WEB",
"url": "https://www.elkarbackup.org"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-88R9-VCJ8-625F
Vulnerability from github – Published: 2023-04-11 09:30 – Updated: 2024-04-04 03:23Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
{
"affected": [],
"aliases": [
"CVE-2023-27389"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-11T09:15:00Z",
"severity": "HIGH"
},
"details": "Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).",
"id": "GHSA-88r9-vcj8-625f",
"modified": "2024-04-04T03:23:48Z",
"published": "2023-04-11T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27389"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU96198617"
},
{
"type": "WEB",
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_cps_230317_en.pdf"
},
{
"type": "WEB",
"url": "https://www.contec.com/download/donwload-list/?itemid=a054b3eb-da97-40d0-9598-d7f5ff4239ec#firmware"
},
{
"type": "WEB",
"url": "https://www.contec.com/download/donwload-list/?itemid=a1b33f0d-d32b-4549-9741-613cd37d5528#firmware"
},
{
"type": "WEB",
"url": "https://www.contec.com/download/donwload-list/?itemid=f832c526-dcf6-4976-85aa-f536c15a8120#firmware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-88VG-7C8F-H3PR
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).
{
"affected": [],
"aliases": [
"CVE-2018-16499"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T19:15:00Z",
"severity": "MODERATE"
},
"details": "In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).",
"id": "GHSA-88vg-7c8f-h3pr",
"modified": "2022-05-24T19:03:18Z",
"published": "2022-05-24T19:03:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16499"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1168196"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-89V6-G7J9-XJ43
Vulnerability from github – Published: 2022-09-20 00:00 – Updated: 2022-09-23 00:00WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
{
"affected": [],
"aliases": [
"CVE-2022-29835"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-327",
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-19T20:15:00Z",
"severity": "MODERATE"
},
"details": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.",
"id": "GHSA-89v6-g7j9-xj43",
"modified": "2022-09-23T00:00:42Z",
"published": "2022-09-20T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29835"
},
{
"type": "WEB",
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CGG-HM22-RFWQ
Vulnerability from github – Published: 2022-05-17 03:44 – Updated: 2022-05-17 03:44Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
{
"affected": [],
"aliases": [
"CVE-2015-8085"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-03T21:59:00Z",
"severity": "MODERATE"
},
"details": "Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.",
"id": "GHSA-8cgg-hm22-rfwq",
"modified": "2022-05-17T03:44:02Z",
"published": "2022-05-17T03:44:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8085"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-455876"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.