Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Weak Crypto

This page lists 24 vulnerabilities in this category.

High: 11 Medium: 11 Low: 1 Information: 1
Vulnerability Name
CVE
CWE
Severity
WordPress plugin WPtouch insecure nonce generation
-
CWE-287
High
CodeIgniter weak encryption key
-
CWE-200
High
The DROWN attack (SSLv2 supported)
CVE-2016-0800
CWE-327
High
The Heartbleed Bug
CVE-2014-0160
CWE-200
High
Oracle JavaServer Faces multiple vulnerabilities
CVE-2013-3827
CWE-22
High
PrimeFaces 5.x Expression Language injection
CVE-2017-1000486
-
High
Telerik.Web.UI.dll Cryptographic Weakness
CVE-2017-9248
CWE-338
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv2)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv3)
-
CWE-326
High
Padding oracle attack
-
CWE-209
High
TLS/SSL Sweet32 attack
CVE-2016-6329
CWE-327
Medium
SSL/TLS Not Implemented
-
CWE-319
Medium
The POODLE attack (SSLv3 with CBC cipher suites)
CVE-2014-3566
CWE-326
Medium
HTTPS connection uses outdated TLS version
-
CWE-327
Medium
CRIME SSL/TLS attack
CVE-2012-4929
CWE-311
Medium
HTTPS connection with weak key length
-
CWE-326
Medium
TLS/SSL Weak Cipher Suites
-
CWE-327
Medium
TLS/SSL LOGJAM attack
CVE-2015-4000
CWE-326
Medium
The FREAK attack
CVE-2015-0204
CWE-327
Medium
TLS/SSL certificate key size too small
-
CWE-326
Medium
Insecure usage of Version 1 UUID/GUID
-
CWE-328
Medium
Insecure Transportation Security Protocol Supported (TLS 1.1)
-
CWE-326
Low
TLS/SSL (EC)DHE Key Reuse
-
CWE-327
Information