Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

631 vulnerabilities reference this CWE, most recent first.

GHSA-9C75-PQWM-RCVF

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32
VLAI
Details

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-21T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.",
  "id": "GHSA-9c75-pqwm-rcvf",
  "modified": "2022-05-13T01:32:28Z",
  "published": "2022-05-13T01:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1946"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153388"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10872142"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FJ5-JG6F-QG5R

Vulnerability from github – Published: 2022-01-08 00:43 – Updated: 2023-07-21 19:24
VLAI
Summary
Use of Hard-coded Credentials in Apache Kylin
Details

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.kylin:kylin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-45458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-330",
      "CWE-798"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-07T22:53:35Z",
    "nvd_published_at": "2022-01-06T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin\u0027s configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.",
  "id": "GHSA-9fj5-jg6f-qg5r",
  "modified": "2023-07-21T19:24:02Z",
  "published": "2022-01-08T00:43:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kylin/pull/1781"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/kylin/pull/1782"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/kylin"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/06/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/06/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Hard-coded Credentials in Apache Kylin"
}

GHSA-9FP2-68JW-464M

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01
VLAI
Details

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.",
  "id": "GHSA-9fp2-68jw-464m",
  "modified": "2022-04-16T00:01:10Z",
  "published": "2022-04-12T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0828"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9G3V-V24Q-JJ5P

Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2024-11-22 20:17
VLAI
Summary
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
Details

rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rdiffweb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-06T20:06:51Z",
    "nvd_published_at": "2022-10-06T18:16:00Z",
    "severity": "HIGH"
  },
  "details": "rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts.",
  "id": "GHSA-9g3v-v24q-jj5p",
  "modified": "2024-11-22T20:17:17Z",
  "published": "2022-10-06T18:52:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3273"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ikus060/rdiffweb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43156.yaml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks"
}

GHSA-9GXQ-WFG7-72X4

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-11-04 21:30
VLAI
Details

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
  "id": "GHSA-9gxq-wfg7-72x4",
  "modified": "2025-11-04T21:30:24Z",
  "published": "2022-05-24T17:39:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25685"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-17"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4844"
    },
    {
      "type": "WEB",
      "url": "https://www.jsof-tech.com/disclosures/dnspooq"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/434904"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H67-GQH5-W6F6

Vulnerability from github – Published: 2022-02-25 00:00 – Updated: 2025-04-17 21:30
VLAI
Details

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-24T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user\u2019s operating system and certain components of FactoryTalk View SE.",
  "id": "GHSA-9h67-gqh5-w6f6",
  "modified": "2025-04-17T21:30:37Z",
  "published": "2022-02-25T00:00:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14481"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HGC-2MC5-JWF8

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.",
  "id": "GHSA-9hgc-2mc5-jwf8",
  "modified": "2022-05-13T01:23:52Z",
  "published": "2022-05-13T01:23:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0448"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105502"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HMG-8H4X-RCJ2

Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-11 19:00
VLAI
Details

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.",
  "id": "GHSA-9hmg-8h4x-rcj2",
  "modified": "2022-10-11T19:00:25Z",
  "published": "2022-10-11T12:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35226"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9M5V-W59R-W83P

Vulnerability from github – Published: 2023-06-07 21:30 – Updated: 2024-04-04 04:39
VLAI
Details

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-07T20:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.",
  "id": "GHSA-9m5v-w59r-w83p",
  "modified": "2024-04-04T04:39:46Z",
  "published": "2023-06-07T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33283"
    },
    {
      "type": "WEB",
      "url": "https://www.cyberskydd.se/cve/2023/CVE-2023-33283.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9MJW-79R6-C9M8

Vulnerability from github – Published: 2024-10-02 06:30 – Updated: 2024-12-04 22:18
VLAI
Summary
Portainer improperly uses an encryption algorithm in the AesEncrypt function
Details

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/portainer/portainer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.20.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-33662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-327"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-02T17:58:14Z",
    "nvd_published_at": "2024-10-02T05:15:11Z",
    "severity": "HIGH"
  },
  "details": "Portainer before 2.20.2 improperly uses an encryption algorithm in the `AesEncrypt` function.",
  "id": "GHSA-9mjw-79r6-c9m8",
  "modified": "2024-12-04T22:18:00Z",
  "published": "2024-10-02T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33662"
    },
    {
      "type": "WEB",
      "url": "https://github.com/portainer/portainer/issues/11737"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/portainer/portainer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/portainer/portainer/compare/2.20.1...2.20.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/search?q=repo%3Aportainer%2Fportainer+EE-6764\u0026type=pullrequests"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-3172"
    },
    {
      "type": "WEB",
      "url": "https://www.portainer.io"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Portainer improperly uses an encryption algorithm in the AesEncrypt function"
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.