CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-310: Cryptographic Issues

 
Cryptographic Issues
Category ID: 310 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to the use of cryptography.
+ Applicable Platforms

Languages

All

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory254Security Features
Development Concepts (primary)699
CanAlsoBeWeakness BaseWeakness Base208Timing Discrepancy Information Leak
Research Concepts1000
CanAlsoBeWeakness BaseWeakness Base226Sensitive Information Uncleared Before Release
Research Concepts1000
ParentOfWeakness BaseWeakness Base311Failure to Encrypt Sensitive Data
Development Concepts (primary)699
ParentOfCategoryCategory320Key Management Errors
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base325Missing Required Cryptographic Step
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class326Inadequate Encryption Strength
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base327Use of a Broken or Risky Cryptographic Algorithm
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base328Reversible One-Way Hash
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant329Not Using a Random IV with CBC Mode
Development Concepts (primary)699
MemberOfViewView635Weaknesses Used by NVD
Weaknesses Used by NVD (primary)635
ParentOfWeakness VariantWeakness Variant780Use of RSA Algorithm without OAEP
Development Concepts (primary)699
+ Relationship Notes

Some of these can be resultant.

+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERCryptographic Issues
+ Maintenance Notes

This category is incomplete and needs refinement, as there is good documentation of cryptographic flaws and related attacks.

Relationships between CWE-310, CWE-326, and CWE-327 and all their children need to be reviewed and reorganized.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Maintenance Notes, Relationships, Relationship Notes, Taxonomy Mappings
2009-07-27CWE Content TeamMITREInternal
updated Maintenance Notes, Relationship Notes, Relationships
2009-10-29CWE Content TeamMITREInternal
updated Relationships
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us