CWE-321 – Use of Hard-coded Cryptographic Key


Description

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

Related Weaknesses

CWE-798

Consequences

Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity

If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question.

Potential Mitigations

Phase: Architecture and Design

Description: Prevention schemes mirror those of hard-coded password storage.
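An added example, not part of the CWE entry: a hard-coded HMAC signing key beside a hardened form that takes the key from outside the code base, the same externalization used for hard-coded passwords. The variable name `APP_SIGNING_KEY_B64`, the 32-byte minimum and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Weak form (CWE-321): the key ships inside every copy of the code, so anyone
# who can read the source or the built artifact holds the signing key.
HARDCODED_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed value

def sign_hardcoded(message: bytes) -> str:
    return hmac.new(HARDCODED_KEY, message, hashlib.sha256).hexdigest()

# Hardened form: the key is provisioned per deployment, outside the code base.
KEY_ENV_VAR = "APP_SIGNING_KEY_B64"  # hypothetical variable name (assumption)
MIN_KEY_BYTES = 32                   # assumed minimum for HMAC-SHA256

class KeyConfigError(RuntimeError):
    """Raised when no usable key is provisioned; never falls back to a default."""

def load_key(environ=os.environ) -> bytes:
    # Fail closed: a missing, malformed or short key stops the caller.
    raw = environ.get(KEY_ENV_VAR)
    if not raw:
        raise KeyConfigError(f"{KEY_ENV_VAR} is not set")
    try:
        key = base64.b64decode(raw, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise KeyConfigError(f"{KEY_ENV_VAR} is not valid base64") from exc
    if len(key) < MIN_KEY_BYTES:
        raise KeyConfigError(f"{KEY_ENV_VAR} must decode to >= {MIN_KEY_BYTES} bytes")
    return key

def sign(message: bytes, key: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify(message: bytes, tag: str, key: bytes) -> bool:
    # Constant-time comparison of the expected and presented tags.
    return hmac.compare_digest(sign(message, key), tag)

if __name__ == "__main__":
    # Constructed demo environment; a deployment would inject a real key.
    demo_env = {KEY_ENV_VAR: base64.b64encode(os.urandom(32)).decode()}
    demo_key = load_key(demo_env)
    print(verify(b"order=42", sign(b"order=42", demo_key), demo_key))
```

Because the key is an input rather than a literal, it can differ per environment and be rotated without rebuilding or redistributing the code.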

CVE References