OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary ...

The product uses a scheme that generates numbers or identifiers that are more predictable than required.

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resou...

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

The product performs a key exchange with an actor without verifying the identity of that actor.

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

Nonces should be used for the present occasion and only once.

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mecha...

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

The product uses a broken or risky cryptographic algorithm or protocol.

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac...

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of th...

The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of t...

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking at...

The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably...

Obscuring a password with a trivial encoding does not protect the password.

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniqu...

Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2007.

Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2010.

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.