Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
/
Weak Crypto
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Weak Crypto
This page lists
24 vulnerabilities
in this category.
High: 11
Medium: 11
Low: 1
Information: 1
Vulnerability Name
CVE
CWE
Severity
WordPress plugin WPtouch insecure nonce generation
-
CWE-287
High
CodeIgniter weak encryption key
-
CWE-200
High
The DROWN attack (SSLv2 supported)
CVE-2016-0800
CWE-310
High
The Heartbleed Bug
CVE-2014-0160
CWE-200
High
Oracle JavaServer Faces multiple vulnerabilities
CVE-2013-3827
CWE-22
High
PrimeFaces 5.x Expression Language injection
CVE-2017-1000486
-
High
Telerik.Web.UI.dll Cryptographic Weakness
CVE-2017-9248
CWE-338
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv2)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv3)
-
CWE-326
High
Padding oracle attack
-
CWE-209
High
TLS/SSL Sweet32 attack
CVE-2016-6329
CWE-310
Medium
SSL/TLS Not Implemented
-
CWE-319
Medium
The POODLE attack (SSLv3 with CBC cipher suites)
CVE-2014-3566
CWE-326
Medium
HTTPS connection uses outdated TLS version
-
CWE-310
Medium
CRIME SSL/TLS attack
CVE-2012-4929
CWE-310
Medium
HTTPS connection with weak key length
-
CWE-310
Medium
TLS/SSL Weak Cipher Suites
-
CWE-310
Medium
TLS/SSL LOGJAM attack
CVE-2015-4000
CWE-310
Medium
The FREAK attack
CVE-2015-0204
CWE-310
Medium
TLS/SSL certificate key size too small
-
CWE-310
Medium
Insecure usage of Version 1 UUID/GUID
-
CWE-328
Medium
Insecure Transportation Security Protocol Supported (TLS 1.1)
-
CWE-326
Low
TLS/SSL (EC)DHE Key Reuse
-
CWE-310
Information
