Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

633 vulnerabilities reference this CWE, most recent first.

GHSA-MR95-VFCF-FX9P

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-27 21:56
VLAI
Summary
Apache Answer: Predictable Authorization Token Using UUIDv1
Details

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.0.

The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/apache/incubator-answer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-22T22:50:08Z",
    "nvd_published_at": "2024-11-22T15:15:10Z",
    "severity": "LOW"
  },
  "details": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.4.0.\n\nThe ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.\nUsers are recommended to upgrade to version 1.4.1, which fixes the issue.",
  "id": "GHSA-mr95-vfcf-fx9p",
  "modified": "2024-11-27T21:56:44Z",
  "published": "2024-11-22T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45719"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/incubator-answer"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/11/22/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Answer: Predictable Authorization Token Using UUIDv1"
}

GHSA-MVRQ-WF2X-8C9P

Vulnerability from github – Published: 2025-01-17 21:31 – Updated: 2025-01-17 21:31
VLAI
Details

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-17T20:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite.  The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected.",
  "id": "GHSA-mvrq-wf2x-8c9p",
  "modified": "2025-01-17T21:31:39Z",
  "published": "2025-01-17T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13026"
    },
    {
      "type": "WEB",
      "url": "https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MW57-GV8V-CJ4R

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:52Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability",
  "id": "GHSA-mw57-gv8v-cj4r",
  "modified": "2024-01-09T18:30:29Z",
  "published": "2024-01-09T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20692"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MWJC-5J4X-R686

Vulnerability from github – Published: 2026-03-20 21:55 – Updated: 2026-03-25 14:32
VLAI
Summary
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
Details

Summary

The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., view/url2Embed.json.php), so any user can recover protected tokens/metadata. Severity: High.

Details

  • Entry: plugin/API/get.json.php is unauthenticated.
  • Handler: plugin/API/API.php get_api_decryptString() (lines ~5945–5966): php $string = decryptString($_REQUEST['string']); return new ApiObject($string, empty($string)); No APISecret or user check occurs before decrypting.
  • Public ciphertext source: view/url2Embed.json.php returns playLink/playEmbedLink (encryptString(json_encode(...))) to any caller.

PoC

  1. Obtain ciphertext: GET /view/url2Embed.json.php?url=https://example.com/video.mp4 Copy playLink.
  2. Decrypt without auth: ``` POST /plugin/API/get.json.php?APIName=decryptString Content-Type: application/x-www-form-urlencoded

string= ``` Response contains the plaintext JSON (videoLink, title, users_id, etc.).

Impact

  • Any encrypted payload produced by the platform can be decrypted by anyone.
  • Leaks tokens/links intended to be confidential; enables replay and tampering where secrecy was assumed.

Mitigation

  • Require API secret or authenticated/authorized user for decryptString, or remove the endpoint.
  • Prefer one-way signatures (HMAC) instead of exposing generic decryption.
  • Rotate encryption keys/salts after patch to invalidate exposed ciphertexts.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wwbn/avideo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-312",
      "CWE-326",
      "CWE-327"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T21:55:12Z",
    "nvd_published_at": "2026-03-23T19:16:40Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so any user can recover protected tokens/metadata. Severity: High.\n\n### Details\n- Entry: `plugin/API/get.json.php` is unauthenticated.\n- Handler: `plugin/API/API.php` `get_api_decryptString()` (lines ~5945\u20135966):\n  ```php\n  $string = decryptString($_REQUEST[\u0027string\u0027]);\n  return new ApiObject($string, empty($string));\n  ```\n  No APISecret or user check occurs before decrypting.\n- Public ciphertext source: `view/url2Embed.json.php` returns `playLink`/`playEmbedLink` (`encryptString(json_encode(...))`) to any caller.\n\n### PoC\n1. Obtain ciphertext:\n   ```\n   GET /view/url2Embed.json.php?url=https://example.com/video.mp4\n   ```\n   Copy `playLink`.\n2. Decrypt without auth:\n   ```\n   POST /plugin/API/get.json.php?APIName=decryptString\n   Content-Type: application/x-www-form-urlencoded\n\n   string=\u003cplayLink ciphertext\u003e\n   ```\n   Response contains the plaintext JSON (videoLink, title, users_id, etc.).\n\n### Impact\n- Any encrypted payload produced by the platform can be decrypted by anyone.\n- Leaks tokens/links intended to be confidential; enables replay and tampering where secrecy was assumed.\n\n### Mitigation\n- Require API secret or authenticated/authorized user for `decryptString`, or remove the endpoint.\n- Prefer one-way signatures (HMAC) instead of exposing generic decryption.\n- Rotate encryption keys/salts after patch to invalidate exposed ciphertexts.",
  "id": "GHSA-mwjc-5j4x-r686",
  "modified": "2026-03-25T14:32:36Z",
  "published": "2026-03-20T21:55:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-mwjc-5j4x-r686"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33512"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/3fdeecef37bb88967a02ccc9b9acc8da95de1c13"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WWBN/AVideo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "AVideo has an unauthenticated decrypt oracle leaking any ciphertext"
}

GHSA-MX5Q-V692-HX4M

Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-30T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.",
  "id": "GHSA-mx5q-v692-hx4m",
  "modified": "2022-07-13T00:01:04Z",
  "published": "2021-12-31T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20161"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2021-54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MXFC-HGC2-6WXG

Vulnerability from github – Published: 2023-05-16 00:30 – Updated: 2024-04-04 04:11
VLAI
Details

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T22:15:11Z",
    "severity": "HIGH"
  },
  "details": "In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597",
  "id": "GHSA-mxfc-hgc2-6wxg",
  "modified": "2024-04-04T04:11:30Z",
  "published": "2023-05-16T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21109"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-05-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P383-F595-X4QW

Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-11 19:00
VLAI
Details

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-328",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.",
  "id": "GHSA-p383-f595-x4qw",
  "modified": "2022-10-11T19:00:25Z",
  "published": "2022-10-11T12:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3433"
    },
    {
      "type": "WEB",
      "url": "https://cs-syd.eu/posts/2021-09-11-json-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P38X-2CFM-G52F

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-13 00:01
VLAI
Details

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.",
  "id": "GHSA-p38x-2cfm-g52f",
  "modified": "2022-07-13T00:01:14Z",
  "published": "2022-05-24T19:05:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28213"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1866"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P3H7-3C45-QJ4V

Vulnerability from github – Published: 2022-05-17 05:18 – Updated: 2024-09-27 17:28
VLAI
Summary
Python Keyring does not securely initialize encryption cipher
Details

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "keyring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-4571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:40:04Z",
    "nvd_published_at": "2012-11-30T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for `CryptedFileKeyring` files, which makes it easier for local users to obtain passwords via a brute-force attack.",
  "id": "GHSA-p3h7-3c45-qj4v",
  "modified": "2024-09-27T17:28:09Z",
  "published": "2022-05-17T05:18:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4571"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/keyring/commit/56272d908ba7a3fe4ebb6d6e87a7cc569f4726ac"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/keyring/commit/a76942672f6ac85a88bd9b9ed31fd133119b7702"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/keyring/commit/cbf509b0386c3063d8b2879ce72d78ac18023f72"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jaraco/keyring/commit/cc1ead78d1e3fab9fa8bb0b4bb334cb82d35db52"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jaraco/keyring"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2012-8.yaml"
    },
    {
      "type": "WEB",
      "url": "http://pypi.python.org/pypi/keyring"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/31/8"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1634-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Keyring does not securely initialize encryption cipher"
}

GHSA-P5J8-HCX4-456V

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2026-02-24 18:30
VLAI
Details

The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "MODERATE"
  },
  "details": "The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.",
  "id": "GHSA-p5j8-hcx4-456v",
  "modified": "2026-02-24T18:30:55Z",
  "published": "2022-01-11T00:01:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40006"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/8"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.