Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.
ASP.NET ViewState without MAC enabled is a cryptography vulnerability, classified under CWE-352, that occurs in web and API applications. It occurs when the application does not properly validate the ViewState data transmitted between the client and the server, enabling malicious users to tamper with the contents of the ViewState. This...
Base64-encoded data in parameter is a type of cryptography vulnerability that occurs in Web and API applications. According to the Common Weakness Enumeration (CWE) directory, it is classified as CWE-344: Improper Insufficient Cryptographic Validation. This vulnerability is caused when an application fails to validate or restrict the unverified Base64-encoded data...
"Broken or Risky Cryptographic Algorithm" is a vulnerability that occurs when an application protects sensitive data with a cryptographic algorithm or protocol that has known weaknesses or is considered broken by the cryptographic community. The Common Weakness Enumeration lists this as "CWE-327: Use of a Broken or Risky Cryptographic...
DES (Data Encryption Standard) Kerberos authentication refers to the use of the DES encryption algorithm within the Kerberos authentication protocol. Kerberos is a network authentication protocol that provides secure authentication for users and services over a non-secure network, and it can use various encryption algorithms for securing authentication tokens. DES...
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-331) is a vulnerability that occurs when a seed value used to initialize a Pseudo-Random Number Generator (PRNG) is not generated or chosen properly. This can allow a malicious actor to predict the output of the PRNG and exploit the generated numbers...

JWT HMAC Encryption

JWT HMAC Encryption is a type of encryption vulnerability that affects web and Application Programming Interfaces (APIs). According to the Common Weakness Enumeration directory (CWE), JWT HMAC Encryption is a vulnerability that occurs when a software system fails to properly validate digital tokens that are signed with symmetric key cryptographic...
Password Hash with Insufficient Computational Effort (CWE-521) is a Cryptography vulnerability related to the use of weak password hashing algorithms. This type of vulnerability occurs in Mobile Apps, Infrastructure, Web and API. It happens when an application does not use a strong enough hashing algorithm for passwords, which can be...
SSH Server CBC Mode Ciphers Enabled is a vulnerability that affects security in the domain of Cryptography. It is classified as CWE-327, which is defined as the use of cryptographic algorithms that rely on the Cipher Block Chaining (CBC) Mode encryption. This vulnerability can be discovered through various means, such...
The remote SSH server is configured to allow weak key exchange algorithms. The IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20, Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes, among others: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1, gss-gex-sha1-*, gss-group1-sha1-*, gss-group14-sha1-*, rsa1024-sha1. Risk: The SSH key...
SSH Weak MAC Algorithms Enabled (CWE-327) is a vulnerability in the cryptographic protocols used to protect data sent over unsecured networks. This vulnerability occurs when an SSH server or client is configured to allow weak MAC algorithms, such as MD5 or HMAC-MD5, to be used during authentication. This can allow...
SSL Anonymous Cipher Suites Supported vulnerability (CWE-310) is when secure sockets layer (SSL) uses cipher suites that do not authenticate the parties involved in a secure communication. According to the OWASP Testing Guide, this vulnerability allows attackers to perform man-in-the-middle attacks, allowing them to gain access to sensitive information or...
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits is a type of cryptographic vulnerability (CWE-310) which occurs when an SSL certificate chain contains RSA keys that are less than 2048 bits in length. This type of vulnerability is particularly common in infrastructure environments and can lead to serious...
SSL Certificate Signed Using Weak Hashing Algorithm is a vulnerability associated with the cryptographic algorithm used to sign the SSL certificate. This vulnerability is categorized as CWE-327, which is defined as “the use of a weak cryptographic algorithm or its parameters for protecting sensitive data” (CWE, 2020). This specific vulnerability...
SSL Medium Strength Cipher Suites Supported (SWEET32) is a vulnerability in Cryptography that occurs in Infrastructure. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-327, which suggests that the cryptographic algorithm used is too weak to protect the data it is intended to secure. According to the OWASP...
SSL RC4 Cipher Suites Supported (Bar Mitzvah) is a vulnerability in the encryption of web traffic. It is related to the RC4 stream cipher, which is used in some versions of the SSL/TLS protocol. This vulnerability can allow an attacker to decrypt web traffic and gain access to sensitive information....
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) is a vulnerability in cryptography that affects infrastructure. It is categorized as CWE-327: Use of a Broken or Risky Cryptographic Algorithm and is identified as an A8 Insecure Cryptographic Storage in the OWASP Testing Guide. This vulnerability occurs when an organization uses a...
Supported weak SSH algorithms is a vulnerability in cryptography related to the transmission of data between two systems (CWE-327). This vulnerability allows the use of weak encryption algorithms and the use of weak encryption keys. As a result, the data transmitted between the two systems could be intercepted, modified, or...

Weak Cipher Suites

Weak Cipher Suites, classified as CWE-327 and CWE-310, is a cryptography vulnerability that occurs in web and API systems. It is a type of weakness where a system does not correctly implement cryptographic protocols and algorithms, which can lead to the encryption key being weakened and the system's data being...

Weak PSK

Weak PSK (CWE-327) is a cryptography-based IT vulnerability that occurs in infrastructure, such as wireless routers and access points. This type of vulnerability occurs when the pre-shared key (PSK) that is used to authenticate a user is weak or too short. This makes it easier for an attacker to guess...