CWE-326
Allowed-with-ReviewInadequate Encryption Strength
Abstraction: Class · Status: Draft
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
633 vulnerabilities reference this CWE, most recent first.
GHSA-Q4F7-2Q7H-48W2
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-10-22 12:00Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.
{
"affected": [],
"aliases": [
"CVE-2020-26197"
],
"database_specific": {
"cwe_ids": [
"CWE-319",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-20T17:15:00Z",
"severity": "CRITICAL"
},
"details": "Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.",
"id": "GHSA-q4f7-2q7h-48w2",
"modified": "2022-10-22T12:00:30Z",
"published": "2022-05-24T17:48:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26197"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000185202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q557-C2GH-WM95
Vulnerability from github – Published: 2023-02-11 03:32 – Updated: 2023-02-21 18:30Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-34445"
],
"database_specific": {
"cwe_ids": [
"CWE-261",
"CWE-326",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-11T01:23:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
"id": "GHSA-q557-c2gh-wm95",
"modified": "2023-02-21T18:30:24Z",
"published": "2023-02-11T03:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34445"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q56W-X564-6HW9
Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:08The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox
{
"affected": [],
"aliases": [
"CVE-2023-32414"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-23T18:15:13Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox",
"id": "GHSA-q56w-x564-6hw9",
"modified": "2024-04-04T05:08:18Z",
"published": "2023-06-23T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32414"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213758"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q59M-G738-4273
Vulnerability from github – Published: 2024-04-17 21:30 – Updated: 2025-02-04 18:30Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
{
"affected": [],
"aliases": [
"CVE-2024-29951"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T20:15:08Z",
"severity": "MODERATE"
},
"details": "Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.",
"id": "GHSA-q59m-g738-4273",
"modified": "2025-02-04T18:30:43Z",
"published": "2024-04-17T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29951"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23237"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6MH-RQWH-G786
Vulnerability from github – Published: 2026-05-07 21:08 – Updated: 2026-05-15 23:45Summary
No minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.
HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing key and forge valid JWTs for arbitrary users.
Impact
An attacker who captures a single valid JWT (e.g, from cookies, logs, or network traffic) can:
> Crack the signing secret offline using brute-force or wordlist attacks > Forge valid JWTs for any user ID (including administrators) > Authenticate without knowing any credentials
This results in full account takeover across the entire application with no server-side detection or rate limiting possible.
Details
In backend/config/utils.go, the Base64Decoded.UnmarshalText function decodes the JWT secret but does not validate its length or entropy.
In backend/core/auth.go, JWT tokens are signed using HS256 without enforcing minimum key size requirements.
According to RFC 7518 Section 3.2, HS256 keys must be at least 256 bits (32 bytes). Libraries such as PyJWT explicitly warn against shorter keys, but note-mark performs no such validation.
PoC
1- Deploy note-mark with a weak secret:
JWT_SECRET = base64("testsecret123456789012345")
2- Register an account and capture the Auth-Session-Token cookie
3- Crack the secret offline (example using Python):
python
import jwt, base64
jwt.decode(TOKEN, base64.b64decode(SECRET), algorithms=["HS256"])
4- Forge a new token for any user UUID with extended expiry
5- Send the forged token in requests → server returns 200 Ok and authenticates as that user
Reproduction Steps
1- Deploy the application with a JWT secret shorter than 32 bytes (after base64 decoding) 2- Authenticate and capture a valid JWT 3- Perform offline brute-force or dictionary attack against the token signature 4- Recover the secret 5- Generate a forged JWT for another user 6- Use the forged token to access protected endpoints
Fix Recommendation
- Enforce a minimum of 32 bytes (256 bits) for JWT secrets after base64 decoding
- Reject weak secrets during configuration parsing (e.g., in
Base64Decoded.UnmarshalTextor config validation) - Optionally log warnings or fail startup if the secret is insecure
Resources
- RFC 7518 Section 3.2 (JSON Web Algorithms - HMAC key size requirements)
- CWE-326: Inadequate Encryption Strength
- CWE-345: Insufficient Verification of Data Authenticity
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/enchant97/note-mark/backend"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260501152247-18b587758667"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44523"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-345"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T21:08:10Z",
"nvd_published_at": "2026-05-14T19:16:37Z",
"severity": "CRITICAL"
},
"details": "#### Summary\n\nNo minimum length or entropy is enforced on the `JWT_SECRET` configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.\n\nHS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing key and forge valid JWTs for arbitrary users.\n\n---\n\n#### Impact\n\nAn attacker who captures a single valid JWT (e.g, from cookies, logs, or network traffic) can:\n\n\\\u003e Crack the signing secret offline using brute-force or wordlist attacks\n\\\u003e Forge valid JWTs for any user ID (including administrators)\n\\\u003e Authenticate without knowing any credentials\n\nThis results in **full account takeover across the entire application** with no server-side detection or rate limiting possible.\n\n---\n\n#### Details\n\nIn `backend/config/utils.go`, the `Base64Decoded.UnmarshalText` function decodes the JWT secret but does not validate its length or entropy.\n\nIn `backend/core/auth.go`, JWT tokens are signed using HS256 without enforcing minimum key size requirements.\n\nAccording to **RFC 7518 Section 3.2**, HS256 keys must be at least 256 bits (32 bytes). Libraries such as PyJWT explicitly warn against shorter keys, but note-mark performs no such validation.\n\n---\n\n### PoC\n\n1- Deploy note-mark with a weak secret:\n\n ```\n JWT_SECRET = base64(\"testsecret123456789012345\")\n ```\n\n2- Register an account and capture the `Auth-Session-Token` cookie\n\n3- Crack the secret offline (example using Python):\n\n ```python\n import jwt, base64\n jwt.decode(TOKEN, base64.b64decode(SECRET), algorithms=[\"HS256\"])\n ```\n\n4- Forge a new token for any user UUID with extended expiry\n\n5- Send the forged token in requests \u2192 server returns **200 Ok** and authenticates as that user\n\n---\n\n### Reproduction Steps\n\n1- Deploy the application with a JWT secret shorter than 32 bytes (after base64 decoding)\n2- Authenticate and capture a valid JWT\n3- Perform offline brute-force or dictionary attack against the token signature\n4- Recover the secret\n5- Generate a forged JWT for another user\n6- Use the forged token to access protected endpoints\n\n---\n\n### Fix Recommendation\n\n* Enforce a **minimum of 32 bytes (256 bits)** for JWT secrets after base64 decoding\n* Reject weak secrets during configuration parsing (e.g., in `Base64Decoded.UnmarshalText` or config validation)\n* Optionally log warnings or fail startup if the secret is insecure\n\n---\n\n### Resources\n\n* RFC 7518 Section 3.2 (JSON Web Algorithms - HMAC key size requirements)\n* CWE-326: Inadequate Encryption Strength\n* CWE-345: Insufficient Verification of Data Authenticity\n\n---",
"id": "GHSA-q6mh-rqwh-g786",
"modified": "2026-05-15T23:45:05Z",
"published": "2026-05-07T21:08:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-q6mh-rqwh-g786"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44523"
},
{
"type": "WEB",
"url": "https://github.com/enchant97/note-mark/commit/18b58775866776ed400c403dd0ccad68c1fa4802"
},
{
"type": "PACKAGE",
"url": "https://github.com/enchant97/note-mark"
},
{
"type": "WEB",
"url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery"
}
GHSA-Q745-XH9X-889X
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.
{
"affected": [],
"aliases": [
"CVE-2021-20369"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361.",
"id": "GHSA-q745-xh9x-889x",
"modified": "2022-05-24T19:07:33Z",
"published": "2022-05-24T19:07:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20369"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195361"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6471331"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q7V6-V4WG-H8M2
Vulnerability from github – Published: 2024-10-17 15:31 – Updated: 2024-11-05 21:30Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
{
"affected": [],
"aliases": [
"CVE-2023-6728"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-17T13:15:12Z",
"severity": "LOW"
},
"details": "Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.",
"id": "GHSA-q7v6-v4wg-h8m2",
"modified": "2024-11-05T21:30:32Z",
"published": "2024-10-17T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6728"
},
{
"type": "WEB",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QC34-RVRG-F2Q8
Vulnerability from github – Published: 2022-12-26 06:30 – Updated: 2023-01-05 21:30Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
{
"affected": [],
"aliases": [
"CVE-2022-24116"
],
"database_specific": {
"cwe_ids": [
"CWE-325",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-26T05:15:00Z",
"severity": "CRITICAL"
},
"details": "Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.",
"id": "GHSA-qc34-rvrg-f2q8",
"modified": "2023-01-05T21:30:16Z",
"published": "2022-12-26T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24116"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QC4J-HRJ6-CPPF
Vulnerability from github – Published: 2023-11-21 00:30 – Updated: 2024-11-22 20:43An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "upydev"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-48051"
],
"database_specific": {
"cwe_ids": [
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-29T21:45:39Z",
"nvd_published_at": "2023-11-20T23:15:06Z",
"severity": "HIGH"
},
"details": "An issue in `/upydev/keygen.py` in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.",
"id": "GHSA-qc4j-hrj6-cppf",
"modified": "2024-11-22T20:43:24Z",
"published": "2023-11-21T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48051"
},
{
"type": "WEB",
"url": "https://github.com/Carglglz/upydev/issues/38"
},
{
"type": "PACKAGE",
"url": "https://github.com/Carglglz/upydev"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/upydev/PYSEC-2023-302.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "upydev has weak encryption padding"
}
GHSA-QCGX-7P5F-HXVR
Vulnerability from github – Published: 2022-03-29 22:11 – Updated: 2022-03-29 22:11Description
It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.
The hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.
Additionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.
Resolution
Filtering by password or password hash has been disabled.
Credits
We would like to thank Thibaud Kehler for reporting the issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.39"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24784"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203",
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-29T22:11:45Z",
"nvd_published_at": "2022-03-25T22:15:00Z",
"severity": "LOW"
},
"details": "## Description\n\nIt was possible to confirm a single character of a user\u0027s password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.\n\nThe hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.\n\nAdditionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.\n\n## Resolution\n\nFiltering by password or password hash has been disabled.\n\n## Credits\n\nWe would like to thank Thibaud Kehler for reporting the issue.",
"id": "GHSA-qcgx-7p5f-hxvr",
"modified": "2022-03-29T22:11:45Z",
"published": "2022-03-29T22:11:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/statamic/cms/security/advisories/GHSA-qcgx-7p5f-hxvr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24784"
},
{
"type": "WEB",
"url": "https://github.com/statamic/cms/issues/5604"
},
{
"type": "WEB",
"url": "https://github.com/statamic/cms/pull/5568"
},
{
"type": "PACKAGE",
"url": "https://github.com/statamic/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Discoverability of user password hash in Statamic CMS"
}
Mitigation
Use an encryption scheme that is currently considered to be strong by experts in the field.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-192: Protocol Analysis
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.