CWE-326 – Inadequate Encryption Strength
Description The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of...
CWE-327 – Use of a Broken or Risky Cryptographic Algorithm
Description The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use...
CWE-328 – Use of Weak Hash
Description The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an...
CWE-329 – Generation of Predictable IV with CBC Mode
Description The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary...
CWE-33 – Path Traversal: ‘….’ (Multiple Dot)
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple...
CWE-330 – Use of Insufficiently Random Values
Description The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a...
CWE-331 – Insufficient Entropy
Description The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than...
CWE-332 – Insufficient Entropy in PRNG
Description The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat. Modes of Introduction:...
CWE-333 – Improper Handling of Insufficient Entropy in TRNG
Description True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block. The rate at which true random...
CWE-334 – Small Space of Random Values
Description The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. Modes of Introduction:...