A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
The software uses a Pseudo-Random Number Generator (PRNG) that does not correctly manage seeds.
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, m...
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac...
This device implements a cryptographic algorithm using a non-standard or unproven cryptographic primitive.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking a...
Obscuring a password with a trivial encoding does not protect the password.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...