Inadequate Encryption Strength

CVE-2023-26941

Medium

6.5/10

Summary

Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-326 - Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

Advisory Timeline

Published Dec 05, 2023

Inadequate Encryption Strength

CVE-2023-26941

Summary

CWE-326 - Inadequate Encryption Strength

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS