CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.6)  

Presentation Filter:

CWE-310: Cryptographic Issues

 
Cryptographic Issues
Category ID: 310 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to the use of cryptography.
+ Applicable Platforms

Languages

All

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory254Security Features
Development Concepts (primary)699
ChildOfCategoryCategory934OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
Weaknesses in OWASP Top Ten (2013) (primary)928
ParentOfWeakness BaseWeakness Base311Missing Encryption of Sensitive Data
Development Concepts (primary)699
ParentOfCategoryCategory320Key Management Errors
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base325Missing Required Cryptographic Step
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class326Inadequate Encryption Strength
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base327Use of a Broken or Risky Cryptographic Algorithm
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base328Reversible One-Way Hash
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant329Not Using a Random IV with CBC Mode
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant780Use of RSA Algorithm without OAEP
Development Concepts (primary)699
MemberOfViewView635Weaknesses Used by NVD
Weaknesses Used by NVD (primary)635
+ Relationship Notes

Some of these can be resultant.

+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERCryptographic Issues
+ References
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 8, "Cryptographic Foibles" Page 259. 2nd Edition. Microsoft. 2002.
+ Maintenance Notes

This category is incomplete and needs refinement, as there is good documentation of cryptographic flaws and related attacks.

Relationships between CWE-310, CWE-326, and CWE-327 and all their children need to be reviewed and reorganized.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings
2009-07-27CWE Content TeamMITREInternal
updated Maintenance_Notes, Relationship_Notes, Relationships
2009-10-29CWE Content TeamMITREInternal
updated Relationships
2010-02-16CWE Content TeamMITREInternal
updated References
2013-07-17CWE Content TeamMITREInternal
updated Relationships
2014-02-18CWE Content TeamMITREInternal
updated Related_Attack_Patterns
Page Last Updated: February 18, 2014