Inadequate Encryption Strength

CVE-2021-38121

High

8.3/10

Summary

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-326 - Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

Advisory Timeline

Published Aug 28, 2024

Inadequate Encryption Strength

CVE-2021-38121

Summary

CWE-326 - Inadequate Encryption Strength

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS