CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
631 vulnerabilities reference this CWE, most recent first.
GHSA-PQX6-3389-5M7R
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.
{
"affected": [],
"aliases": [
"CVE-2020-5886"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.",
"id": "GHSA-pqx6-3389-5m7r",
"modified": "2022-05-24T17:17:01Z",
"published": "2022-05-24T17:17:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5886"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K65720640"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PVVP-X5GJ-XMCR
Vulnerability from github – Published: 2022-05-01 23:57 – Updated: 2024-02-09 03:32libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
{
"affected": [],
"aliases": [
"CVE-2008-3188"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-07-22T16:41:00Z",
"severity": "MODERATE"
},
"details": "libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.",
"id": "GHSA-pvvp-x5gj-xmcr",
"modified": "2024-02-09T03:32:53Z",
"published": "2022-05-01T23:57:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3188"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43927"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31096"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31339"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30301"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWH9-2464-JCH7
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.
{
"affected": [],
"aliases": [
"CVE-2018-1751"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-23T15:29:00Z",
"severity": "HIGH"
},
"details": "IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.",
"id": "GHSA-pwh9-2464-jch7",
"modified": "2022-05-13T01:32:44Z",
"published": "2022-05-13T01:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1751"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148512"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10791829"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106734"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWM2-HQ35-H422
Vulnerability from github – Published: 2025-07-18 00:30 – Updated: 2026-02-02 15:30Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
{
"affected": [],
"aliases": [
"CVE-2025-7398"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T22:15:27Z",
"severity": "HIGH"
},
"details": "Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.",
"id": "GHSA-pwm2-hq35-h422",
"modified": "2026-02-02T15:30:32Z",
"published": "2025-07-18T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7398"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PWQM-X5X6-5586
Vulnerability from github – Published: 2024-03-28 17:27 – Updated: 2024-04-16 18:51Impact
Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective.
In particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker:
- Chosen plaintext attacks
- Key recovery attacks
- Replay attacks
These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks.
Important: After upgrading, users must perform a key rotation using the instructions here to ensure that they are no longer vulnerable to this issue. Please note that the key rotation instructions have recently been updated, and users must use the new instructions to properly establish secure IPsec tunnels. To validate that the new instructions have been followed properly, ensure that the IPsec Kubernetes secret contains a "+" sign.
Patches
All prior versions of Cilium that support IPsec transparent encryption (Cilium 1.4 onwards) are affected by this issue.
Patched versions:
- Cilium 1.15.3
- Cilium 1.14.9
- Cilium 1.13.14
Workarounds
There is no workaround to this issue. IPsec transparent encryption users are strongly encouraged to upgrade.
Acknowledgements
The Cilium community has worked together with members of Cure53 and Isovalent to prepare these mitigations. Special thanks to @NikAleksandrov and @pchaigno for their work on remediating the issue. Thanks to Marsh Ray, Senior Software Developer at Microsoft, for input and guidance on the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.13.13"
},
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.13.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.14.7"
},
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.15.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-28860"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-28T17:27:40Z",
"nvd_published_at": "2024-03-27T19:15:48Z",
"severity": "HIGH"
},
"details": "### Impact\n\nUsers of [IPsec transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/) in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective.\n\nIn particular, Cilium is vulnerable to the following attacks by a man-in-the-middle attacker:\n\n- Chosen plaintext attacks\n- Key recovery attacks\n- Replay attacks\n\nThese attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks.\n\n**Important:** After upgrading, users must perform a key rotation using the instructions [here](https://docs.cilium.io/en/latest/security/network/encryption-ipsec/#key-rotation) to ensure that they are no longer vulnerable to this issue. Please note that the key rotation instructions have recently been updated, and users must use the new instructions to properly establish secure IPsec tunnels. To validate that the new instructions have been followed properly, ensure that the IPsec Kubernetes secret contains a \"+\" sign.\n\n### Patches\n\nAll prior versions of Cilium that support IPsec transparent encryption (Cilium 1.4 onwards) are affected by this issue.\n\nPatched versions:\n\n- Cilium 1.15.3\n- Cilium 1.14.9\n- Cilium 1.13.14\n\n### Workarounds\n\nThere is no workaround to this issue. IPsec transparent encryption users are strongly encouraged to upgrade.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Cure53 and Isovalent to prepare these mitigations. Special thanks to @NikAleksandrov and @pchaigno for their work on remediating the issue. Thanks to Marsh Ray, Senior Software Developer at Microsoft, for input and guidance on the fix.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io) - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.",
"id": "GHSA-pwqm-x5x6-5586",
"modified": "2024-04-16T18:51:51Z",
"published": "2024-03-28T17:27:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28860"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/311fbce5280491cddceab178d83b06fa23688c72"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/a1742b478306fa256cd27df1039dfae0537b4149"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/a652c123331852cca90c74202f993d4170fd37fa"
},
{
"type": "WEB",
"url": "https://docs.cilium.io/en/stable/security/network/encryption-ipsec"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2666"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cilium has insecure IPsec transport encryption"
}
GHSA-PXX3-R5WF-5FR5
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-07-13 00:00IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
{
"affected": [],
"aliases": [
"CVE-2020-4965"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-12T18:15:00Z",
"severity": "HIGH"
},
"details": "IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.",
"id": "GHSA-pxx3-r5wf-5fr5",
"modified": "2022-07-13T00:00:51Z",
"published": "2022-05-24T17:47:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4965"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192422"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6441803"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q37W-H76H-2G8Q
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.
{
"affected": [],
"aliases": [
"CVE-2018-0131"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-14T16:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140.",
"id": "GHSA-q37w-h76h-2g8q",
"modified": "2022-05-13T01:35:46Z",
"published": "2022-05-13T01:35:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0131"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105074"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041539"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q3JJ-G7J2-XCMC
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
{
"affected": [],
"aliases": [
"CVE-2018-19001"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T14:29:00Z",
"severity": "MODERATE"
},
"details": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.",
"id": "GHSA-q3jj-g7j2-xcmc",
"modified": "2022-05-13T01:33:39Z",
"published": "2022-05-13T01:33:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19001"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106126"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q4F7-2Q7H-48W2
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-10-22 12:00Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.
{
"affected": [],
"aliases": [
"CVE-2020-26197"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-20T17:15:00Z",
"severity": "CRITICAL"
},
"details": "Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.",
"id": "GHSA-q4f7-2q7h-48w2",
"modified": "2022-10-22T12:00:30Z",
"published": "2022-05-24T17:48:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26197"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000185202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q557-C2GH-WM95
Vulnerability from github – Published: 2023-02-11 03:32 – Updated: 2023-02-21 18:30Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-34445"
],
"database_specific": {
"cwe_ids": [
"CWE-261",
"CWE-326",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-11T01:23:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
"id": "GHSA-q557-c2gh-wm95",
"modified": "2023-02-21T18:30:24Z",
"published": "2023-02-11T03:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34445"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.