CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
633 vulnerabilities reference this CWE, most recent first.
GHSA-MR95-VFCF-FX9P
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-27 21:56Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.4.0.
The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/apache/incubator-answer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45719"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-22T22:50:08Z",
"nvd_published_at": "2024-11-22T15:15:10Z",
"severity": "LOW"
},
"details": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue.",
"id": "GHSA-mr95-vfcf-fx9p",
"modified": "2024-11-27T21:56:44Z",
"published": "2024-11-22T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45719"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/incubator-answer"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Answer: Predictable Authorization Token Using UUIDv1"
}
GHSA-MVRQ-WF2X-8C9P
Vulnerability from github – Published: 2025-01-17 21:31 – Updated: 2025-01-17 21:31A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.
{
"affected": [],
"aliases": [
"CVE-2024-13026"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-17T20:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected.",
"id": "GHSA-mvrq-wf2x-8c9p",
"modified": "2025-01-17T21:31:39Z",
"published": "2025-01-17T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13026"
},
{
"type": "WEB",
"url": "https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
"type": "CVSS_V4"
}
]
}
GHSA-MW57-GV8V-CJ4R
Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-20692"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T18:15:52Z",
"severity": "MODERATE"
},
"details": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability",
"id": "GHSA-mw57-gv8v-cj4r",
"modified": "2024-01-09T18:30:29Z",
"published": "2024-01-09T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20692"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWJC-5J4X-R686
Vulnerability from github – Published: 2026-03-20 21:55 – Updated: 2026-03-25 14:32Summary
The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., view/url2Embed.json.php), so any user can recover protected tokens/metadata. Severity: High.
Details
- Entry:
plugin/API/get.json.phpis unauthenticated. - Handler:
plugin/API/API.phpget_api_decryptString()(lines ~5945–5966):php $string = decryptString($_REQUEST['string']); return new ApiObject($string, empty($string));No APISecret or user check occurs before decrypting. - Public ciphertext source:
view/url2Embed.json.phpreturnsplayLink/playEmbedLink(encryptString(json_encode(...))) to any caller.
PoC
- Obtain ciphertext:
GET /view/url2Embed.json.php?url=https://example.com/video.mp4CopyplayLink. - Decrypt without auth: ``` POST /plugin/API/get.json.php?APIName=decryptString Content-Type: application/x-www-form-urlencoded
string= ``` Response contains the plaintext JSON (videoLink, title, users_id, etc.).
Impact
- Any encrypted payload produced by the platform can be decrypted by anyone.
- Leaks tokens/links intended to be confidential; enables replay and tampering where secrecy was assumed.
Mitigation
- Require API secret or authenticated/authorized user for
decryptString, or remove the endpoint. - Prefer one-way signatures (HMAC) instead of exposing generic decryption.
- Rotate encryption keys/salts after patch to invalidate exposed ciphertexts.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wwbn/avideo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "26.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33512"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-312",
"CWE-326",
"CWE-327"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T21:55:12Z",
"nvd_published_at": "2026-03-23T19:16:40Z",
"severity": "HIGH"
},
"details": "### Summary\nThe API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so any user can recover protected tokens/metadata. Severity: High.\n\n### Details\n- Entry: `plugin/API/get.json.php` is unauthenticated.\n- Handler: `plugin/API/API.php` `get_api_decryptString()` (lines ~5945\u20135966):\n ```php\n $string = decryptString($_REQUEST[\u0027string\u0027]);\n return new ApiObject($string, empty($string));\n ```\n No APISecret or user check occurs before decrypting.\n- Public ciphertext source: `view/url2Embed.json.php` returns `playLink`/`playEmbedLink` (`encryptString(json_encode(...))`) to any caller.\n\n### PoC\n1. Obtain ciphertext:\n ```\n GET /view/url2Embed.json.php?url=https://example.com/video.mp4\n ```\n Copy `playLink`.\n2. Decrypt without auth:\n ```\n POST /plugin/API/get.json.php?APIName=decryptString\n Content-Type: application/x-www-form-urlencoded\n\n string=\u003cplayLink ciphertext\u003e\n ```\n Response contains the plaintext JSON (videoLink, title, users_id, etc.).\n\n### Impact\n- Any encrypted payload produced by the platform can be decrypted by anyone.\n- Leaks tokens/links intended to be confidential; enables replay and tampering where secrecy was assumed.\n\n### Mitigation\n- Require API secret or authenticated/authorized user for `decryptString`, or remove the endpoint.\n- Prefer one-way signatures (HMAC) instead of exposing generic decryption.\n- Rotate encryption keys/salts after patch to invalidate exposed ciphertexts.",
"id": "GHSA-mwjc-5j4x-r686",
"modified": "2026-03-25T14:32:36Z",
"published": "2026-03-20T21:55:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-mwjc-5j4x-r686"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33512"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/3fdeecef37bb88967a02ccc9b9acc8da95de1c13"
},
{
"type": "PACKAGE",
"url": "https://github.com/WWBN/AVideo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "AVideo has an unauthenticated decrypt oracle leaking any ciphertext"
}
GHSA-MX5Q-V692-HX4M
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-07-13 00:01Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.
{
"affected": [],
"aliases": [
"CVE-2021-20161"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "HIGH"
},
"details": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.",
"id": "GHSA-mx5q-v692-hx4m",
"modified": "2022-07-13T00:01:04Z",
"published": "2021-12-31T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20161"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-54"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXFC-HGC2-6WXG
Vulnerability from github – Published: 2023-05-16 00:30 – Updated: 2024-04-04 04:11In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
{
"affected": [],
"aliases": [
"CVE-2023-21109"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-15T22:15:11Z",
"severity": "HIGH"
},
"details": "In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597",
"id": "GHSA-mxfc-hgc2-6wxg",
"modified": "2024-04-04T04:11:30Z",
"published": "2023-05-16T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21109"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-05-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P383-F595-X4QW
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-11 19:00The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-3433"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-328",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-10T22:15:00Z",
"severity": "MODERATE"
},
"details": "The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.",
"id": "GHSA-p383-f595-x4qw",
"modified": "2022-10-11T19:00:25Z",
"published": "2022-10-11T12:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3433"
},
{
"type": "WEB",
"url": "https://cs-syd.eu/posts/2021-09-11-json-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P38X-2CFM-G52F
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-13 00:01Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
{
"affected": [],
"aliases": [
"CVE-2021-28213"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T16:15:00Z",
"severity": "HIGH"
},
"details": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.",
"id": "GHSA-p38x-2cfm-g52f",
"modified": "2022-07-13T00:01:14Z",
"published": "2022-05-24T19:05:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28213"
},
{
"type": "WEB",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P3H7-3C45-QJ4V
Vulnerability from github – Published: 2022-05-17 05:18 – Updated: 2024-09-27 17:28Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.9.1"
},
"package": {
"ecosystem": "PyPI",
"name": "keyring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-4571"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-29T21:40:04Z",
"nvd_published_at": "2012-11-30T22:55:00Z",
"severity": "HIGH"
},
"details": "Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for `CryptedFileKeyring` files, which makes it easier for local users to obtain passwords via a brute-force attack.",
"id": "GHSA-p3h7-3c45-qj4v",
"modified": "2024-09-27T17:28:09Z",
"published": "2022-05-17T05:18:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4571"
},
{
"type": "WEB",
"url": "https://github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bd"
},
{
"type": "WEB",
"url": "https://github.com/jaraco/keyring/commit/56272d908ba7a3fe4ebb6d6e87a7cc569f4726ac"
},
{
"type": "WEB",
"url": "https://github.com/jaraco/keyring/commit/a76942672f6ac85a88bd9b9ed31fd133119b7702"
},
{
"type": "WEB",
"url": "https://github.com/jaraco/keyring/commit/cbf509b0386c3063d8b2879ce72d78ac18023f72"
},
{
"type": "WEB",
"url": "https://github.com/jaraco/keyring/commit/cc1ead78d1e3fab9fa8bb0b4bb334cb82d35db52"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845"
},
{
"type": "PACKAGE",
"url": "https://github.com/jaraco/keyring"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2012-8.yaml"
},
{
"type": "WEB",
"url": "http://pypi.python.org/pypi/keyring"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/8"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1634-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
"type": "CVSS_V4"
}
],
"summary": "Python Keyring does not securely initialize encryption cipher"
}
GHSA-P5J8-HCX4-456V
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2026-02-24 18:30The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-40006"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "MODERATE"
},
"details": "The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-p5j8-hcx4-456v",
"modified": "2026-02-24T18:30:55Z",
"published": "2022-01-11T00:01:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40006"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/8"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.