4 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. • http://www.securityfocus.com/archive/1/311176 https://exchange.xforce.ibmcloud.com/vulnerabilities/11297 • CWE-310: Cryptographic Issues •

CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0

CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. • http://www.securityfocus.com/archive/1/311176 http://www.securityfocus.com/bid/6812 https://exchange.xforce.ibmcloud.com/vulnerabilities/11317 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. • http://www.securityfocus.com/archive/1/311176 http://www.securityfocus.com/bid/6815 https://exchange.xforce.ibmcloud.com/vulnerabilities/11294 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. • http://www.securityfocus.com/archive/1/311176 http://www.securityfocus.com/bid/6810 https://exchange.xforce.ibmcloud.com/vulnerabilities/11298 • CWE-310: Cryptographic Issues •