Read Time:21 Second

Description

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-573
CWE-358

 

Consequences

Access Control: Bypass Protection Mechanism

Confidentiality, Integrity: Read Application Data, Modify Application Data

Accountability, Non-Repudiation: Hide Activities

 

Potential Mitigations

CVE References

  • CVE-2001-1585
    • Missing challenge-response step allows authentication bypass using public key.