CWE-334 – Small Space of Random Values
Description: The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. Modes of Introduction: ...

CWE-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Description: The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds. Modes of Introduction: - Architecture and Design Related...

CWE-336 – Same Seed in Pseudo-Random Number Generator (PRNG)
Description: A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized. Given the deterministic nature of PRNGs, using the same...

CWE-299 – Improper Check for Certificate Revocation
Description: The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has...

CWE-30 – Path Traversal: 'dir..filename'
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir..filename' (leading...

CWE-300 – Channel Accessible by Non-Endpoint
Description: The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity...

CWE-301 – Reflection Attack in an Authentication Protocol
Description: Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user. Modes of...

CWE-302 – Authentication Bypass by Assumed-Immutable Data
Description: The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker....

CWE-303 – Incorrect Implementation of Authentication Algorithm
Description: The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation...

CWE-304 – Missing Critical Step in Authentication
Description: The software implements an authentication technique, but it skips a step that weakens the technique. Authentication techniques should follow the algorithms that define them...