CWE-325 – Missing Cryptographic Step
Description: The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm. Modes of Introduction:...
CWE-324 – Use of a Key Past its Expiration Date
Description: The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking...
CWE-323 – Reusing a Nonce, Key Pair in Encryption
Description: Nonces should be used for the present occasion and only once. Nonces are often bundled with a key in a communication exchange to produce...
CWE-322 – Key Exchange without Entity Authentication
Description: The software performs a key exchange with an actor without verifying the identity of that actor. Performing a key exchange will preserve the integrity...
CWE-321 – Use of Hard-coded Cryptographic Key
Description: The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. Modes of Introduction: - Architecture and Design...
CWE-32 – Path Traversal: '...' (Triple Dot)
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple...
CWE-319 – Cleartext Transmission of Sensitive Information
Description: The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can...
CWE-318 – Cleartext Storage of Sensitive Information in Executable
Description: The application stores sensitive information in cleartext in an executable. Attackers can reverse engineer binary code to obtain secret data. This is especially easy...
CWE-317 – Cleartext Storage of Sensitive Information in GUI
Description: The application stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using...
CWE-316 – Cleartext Storage of Sensitive Information in Memory
Description: The application stores sensitive information in cleartext in memory. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-312 Consequences Confidentiality:...