Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

633 vulnerabilities reference this CWE, most recent first.

GHSA-Q4F7-2Q7H-48W2

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-10-22 12:00
VLAI
Details

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-20T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.",
  "id": "GHSA-q4f7-2q7h-48w2",
  "modified": "2022-10-22T12:00:30Z",
  "published": "2022-05-24T17:48:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26197"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/000185202"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q557-C2GH-WM95

Vulnerability from github – Published: 2023-02-11 03:32 – Updated: 2023-02-21 18:30
VLAI
Details

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-11T01:23:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
  "id": "GHSA-q557-c2gh-wm95",
  "modified": "2023-02-21T18:30:24Z",
  "published": "2023-02-11T03:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34445"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q56W-X564-6HW9

Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:08
VLAI
Details

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-23T18:15:13Z",
    "severity": "HIGH"
  },
  "details": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox",
  "id": "GHSA-q56w-x564-6hw9",
  "modified": "2024-04-04T05:08:18Z",
  "published": "2023-06-23T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32414"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213758"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q59M-G738-4273

Vulnerability from github – Published: 2024-04-17 21:30 – Updated: 2025-02-04 18:30
VLAI
Details

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.",
  "id": "GHSA-q59m-g738-4273",
  "modified": "2025-02-04T18:30:43Z",
  "published": "2024-04-17T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29951"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6MH-RQWH-G786

Vulnerability from github – Published: 2026-05-07 21:08 – Updated: 2026-05-15 23:45
VLAI
Summary
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
Details

Summary

No minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.

HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing key and forge valid JWTs for arbitrary users.


Impact

An attacker who captures a single valid JWT (e.g, from cookies, logs, or network traffic) can:

> Crack the signing secret offline using brute-force or wordlist attacks > Forge valid JWTs for any user ID (including administrators) > Authenticate without knowing any credentials

This results in full account takeover across the entire application with no server-side detection or rate limiting possible.


Details

In backend/config/utils.go, the Base64Decoded.UnmarshalText function decodes the JWT secret but does not validate its length or entropy.

In backend/core/auth.go, JWT tokens are signed using HS256 without enforcing minimum key size requirements.

According to RFC 7518 Section 3.2, HS256 keys must be at least 256 bits (32 bytes). Libraries such as PyJWT explicitly warn against shorter keys, but note-mark performs no such validation.


PoC

1- Deploy note-mark with a weak secret:

JWT_SECRET = base64("testsecret123456789012345")

2- Register an account and capture the Auth-Session-Token cookie

3- Crack the secret offline (example using Python):

python import jwt, base64 jwt.decode(TOKEN, base64.b64decode(SECRET), algorithms=["HS256"])

4- Forge a new token for any user UUID with extended expiry

5- Send the forged token in requests → server returns 200 Ok and authenticates as that user


Reproduction Steps

1- Deploy the application with a JWT secret shorter than 32 bytes (after base64 decoding) 2- Authenticate and capture a valid JWT 3- Perform offline brute-force or dictionary attack against the token signature 4- Recover the secret 5- Generate a forged JWT for another user 6- Use the forged token to access protected endpoints


Fix Recommendation

  • Enforce a minimum of 32 bytes (256 bits) for JWT secrets after base64 decoding
  • Reject weak secrets during configuration parsing (e.g., in Base64Decoded.UnmarshalText or config validation)
  • Optionally log warnings or fail startup if the secret is insecure

Resources

  • RFC 7518 Section 3.2 (JSON Web Algorithms - HMAC key size requirements)
  • CWE-326: Inadequate Encryption Strength
  • CWE-345: Insufficient Verification of Data Authenticity

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/enchant97/note-mark/backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260501152247-18b587758667"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T21:08:10Z",
    "nvd_published_at": "2026-05-14T19:16:37Z",
    "severity": "CRITICAL"
  },
  "details": "#### Summary\n\nNo minimum length or entropy is enforced on the `JWT_SECRET` configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.\n\nHS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing key and forge valid JWTs for arbitrary users.\n\n---\n\n#### Impact\n\nAn attacker who captures a single valid JWT (e.g, from cookies, logs, or network traffic) can:\n\n\\\u003e Crack the signing secret offline using brute-force or wordlist attacks\n\\\u003e Forge valid JWTs for any user ID (including administrators)\n\\\u003e Authenticate without knowing any credentials\n\nThis results in **full account takeover across the entire application** with no server-side detection or rate limiting possible.\n\n---\n\n#### Details\n\nIn `backend/config/utils.go`, the `Base64Decoded.UnmarshalText` function decodes the JWT secret but does not validate its length or entropy.\n\nIn `backend/core/auth.go`, JWT tokens are signed using HS256 without enforcing minimum key size requirements.\n\nAccording to **RFC 7518 Section 3.2**, HS256 keys must be at least 256 bits (32 bytes). Libraries such as PyJWT explicitly warn against shorter keys, but note-mark performs no such validation.\n\n---\n\n### PoC\n\n1- Deploy note-mark with a weak secret:\n\n   ```\n   JWT_SECRET = base64(\"testsecret123456789012345\")\n   ```\n\n2- Register an account and capture the `Auth-Session-Token` cookie\n\n3- Crack the secret offline (example using Python):\n\n   ```python\n   import jwt, base64\n   jwt.decode(TOKEN, base64.b64decode(SECRET), algorithms=[\"HS256\"])\n   ```\n\n4- Forge a new token for any user UUID with extended expiry\n\n5- Send the forged token in requests \u2192 server returns **200 Ok** and authenticates as that user\n\n---\n\n### Reproduction Steps\n\n1- Deploy the application with a JWT secret shorter than 32 bytes (after base64 decoding)\n2- Authenticate and capture a valid JWT\n3- Perform offline brute-force or dictionary attack against the token signature\n4- Recover the secret\n5- Generate a forged JWT for another user\n6- Use the forged token to access protected endpoints\n\n---\n\n### Fix Recommendation\n\n* Enforce a **minimum of 32 bytes (256 bits)** for JWT secrets after base64 decoding\n* Reject weak secrets during configuration parsing (e.g., in `Base64Decoded.UnmarshalText` or config validation)\n* Optionally log warnings or fail startup if the secret is insecure\n\n---\n\n### Resources\n\n* RFC 7518 Section 3.2 (JSON Web Algorithms - HMAC key size requirements)\n* CWE-326: Inadequate Encryption Strength\n* CWE-345: Insufficient Verification of Data Authenticity\n\n---",
  "id": "GHSA-q6mh-rqwh-g786",
  "modified": "2026-05-15T23:45:05Z",
  "published": "2026-05-07T21:08:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-q6mh-rqwh-g786"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44523"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/commit/18b58775866776ed400c403dd0ccad68c1fa4802"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/enchant97/note-mark"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery"
}

GHSA-Q745-XH9X-889X

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.",
  "id": "GHSA-q745-xh9x-889x",
  "modified": "2022-05-24T19:07:33Z",
  "published": "2022-05-24T19:07:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20369"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195361"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6471331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q7V6-V4WG-H8M2

Vulnerability from github – Published: 2024-10-17 15:31 – Updated: 2024-11-05 21:30
VLAI
Details

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T13:15:12Z",
    "severity": "LOW"
  },
  "details": "Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.",
  "id": "GHSA-q7v6-v4wg-h8m2",
  "modified": "2024-11-05T21:30:32Z",
  "published": "2024-10-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6728"
    },
    {
      "type": "WEB",
      "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC34-RVRG-F2Q8

Vulnerability from github – Published: 2022-12-26 06:30 – Updated: 2023-01-05 21:30
VLAI
Details

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-26T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.",
  "id": "GHSA-qc34-rvrg-f2q8",
  "modified": "2023-01-05T21:30:16Z",
  "published": "2022-12-26T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24116"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC4J-HRJ6-CPPF

Vulnerability from github – Published: 2023-11-21 00:30 – Updated: 2024-11-22 20:43
VLAI
Summary
upydev has weak encryption padding
Details

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "upydev"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-48051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-29T21:45:39Z",
    "nvd_published_at": "2023-11-20T23:15:06Z",
    "severity": "HIGH"
  },
  "details": "An issue in `/upydev/keygen.py` in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.",
  "id": "GHSA-qc4j-hrj6-cppf",
  "modified": "2024-11-22T20:43:24Z",
  "published": "2023-11-21T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48051"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Carglglz/upydev/issues/38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Carglglz/upydev"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/upydev/PYSEC-2023-302.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "upydev has weak encryption padding"
}

GHSA-QCGX-7P5F-HXVR

Vulnerability from github – Published: 2022-03-29 22:11 – Updated: 2022-03-29 22:11
VLAI
Summary
Discoverability of user password hash in Statamic CMS
Details

Description

It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.

The hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.

Additionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.

Resolution

Filtering by password or password hash has been disabled.

Credits

We would like to thank Thibaud Kehler for reporting the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "statamic/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "statamic/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203",
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-29T22:11:45Z",
    "nvd_published_at": "2022-03-25T22:15:00Z",
    "severity": "LOW"
  },
  "details": "## Description\n\nIt was possible to confirm a single character of a user\u0027s password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.\n\nThe hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.\n\nAdditionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.\n\n## Resolution\n\nFiltering by password or password hash has been disabled.\n\n## Credits\n\nWe would like to thank Thibaud Kehler for reporting the issue.",
  "id": "GHSA-qcgx-7p5f-hxvr",
  "modified": "2022-03-29T22:11:45Z",
  "published": "2022-03-29T22:11:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/statamic/cms/security/advisories/GHSA-qcgx-7p5f-hxvr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24784"
    },
    {
      "type": "WEB",
      "url": "https://github.com/statamic/cms/issues/5604"
    },
    {
      "type": "WEB",
      "url": "https://github.com/statamic/cms/pull/5568"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/statamic/cms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Discoverability of user password hash in Statamic CMS"
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.