A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or ...
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptog...
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac...
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking at...
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably...
Obscuring a password with a trivial encoding does not protect the password.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...