CVE-2022-37177

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-327
View all →

Vulnerability Description

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.

Related Vulnerabilities

CVE-2002-2058

HIGH
CVSS:7.5(High)

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash...

CWE-3272002

CVE-2005-2946

HIGH
CVSS:7.5(High)

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certif...

CWE-3272005

CVE-2007-4150

HIGH
CVSS:7.5(High)

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information ...

CWE-3272007

CVE-2008-3188

HIGH
CVSS:7.5(High)

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

CWE-3272008

CVE-2012-5623

HIGH
CVSS:7.5(High)

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

CWE-3272012

CVE-2015-0226

HIGH
CVSS:7.5(High)

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to...

CWE-3272015