CWE-353 – Missing Support for Integrity Check
Description The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a...
CWE-354 – Improper Validation of Integrity Check Value
Description The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if...
CWE-318 – Cleartext Storage of Sensitive Information in Executable
Description The application stores sensitive information in cleartext in an executable. Attackers can reverse engineer binary code to obtain secret data. This is especially easy...
CWE-319 – Cleartext Transmission of Sensitive Information
Description The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can...
CWE-32 – Path Traversal: ‘…’ (Triple Dot)
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple...
CWE-321 – Use of Hard-coded Cryptographic Key
Description The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. Modes of Introduction: - Architecture and Design...
CWE-322 – Key Exchange without Entity Authentication
Description The software performs a key exchange with an actor without verifying the identity of that actor. Performing a key exchange will preserve the integrity...
CWE-323 – Reusing a Nonce, Key Pair in Encryption
Description Nonces should be used for the present occasion and only once. Nonces are often bundled with a key in a communication exchange to produce...
CWE-324 – Use of a Key Past its Expiration Date
Description The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking...
CWE-325 – Missing Cryptographic Step
Description The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm. Modes of Introduction:...