Cryptographic Issues
Category ID: 310 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to the use of cryptography.
+ Applicable Platforms

Languages

All

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory254Security Features
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base311Missing SecurityDatabase\Encrypt\Encryption of Sensitive Data
Development Concepts (primary)699
ParentOfCategoryCategory320Key Management Errors
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base325Missing Required Cryptographic Step
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class326Inadequate SecurityDatabase\Encrypt\Encryption Strength
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base327Use of a Broken or Risky Cryptographic Algorithm
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base328Reversible One-Way Hash
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant329Not Using a Random IV with CBC Mode
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant780Use of RSA Algorithm without OAEP
Development Concepts (primary)699
MemberOfViewView635Weaknesses Used by NVD
Weaknesses Used by NVD (primary)635
CanAlsoBeWeakness BaseWeakness Base208Timing Discrepancy Information Leak
Research Concepts1000
CanAlsoBeWeakness BaseWeakness Base226Sensitive Information Uncleared Before Release
Research Concepts1000
+ Relationship Notes

Some of these can be resultant.

+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERCryptographic Issues
+ References
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 8, "Cryptographic Foibles" Page 259. 2nd Edition. Microsoft. 2002.
+ Maintenance Notes

This category is incomplete and needs refinement, as there is good documentation of cryptographic flaws and related attacks.

Relationships between CWE-310, CWE-326, and CWE-327 and all their children need to be reviewed and reorganized.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Maintenance Notes, Relationships, Relationship Notes, Taxonomy Mappings
2009-07-27CWE Content TeamMITREInternal
updated Maintenance Notes, Relationship Notes, Relationships
2009-10-29CWE Content TeamMITREInternal
updated Relationships