Key Management Errors |
Category ID: 320 (Category) | Status: Draft |
Description Summary
Weaknesses in this category are related to errors in the management of cryptographic keys.
Reference | Description |
---|---|
CVE-2005-2146 | insecure permissions when generating secret key, allowing spoofing |
CVE-2001-1527 | administration passwords in cleartext in executable |
CVE-2000-0762 | default installation of product uses a default encryption key, allowing others to spoof the administrator |
CVE-2002-1947 | static key / global shared key -- "global shared key" - product uses same SSL key for all installations, allowing attackers to eavesdrop or hijack session. |
CVE-2005-4002 | static key / global shared key -- "global shared key" - product uses same secret key for all installations, allowing attackers to decrypt data. |
CVE-2005-2196 | static key / global shared key -- Product uses default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network. Overlaps: default. |
CVE-2005-1794 | Exposed or accessible private key (overlaps information leak) -- Private key stored in executable |
CVE-2001-0072 | Exposed or accessible private key (overlaps information leak) -- Crypto program imports both public and private keys but does not tell the user about the private keys, possibly breaking the web of trust. |
CVE-2005-3256 | Misc -- Encryption product accidentally selects the wrong key if the key doesn't have additional fields that are normally expected, leading to infoleak to the owner of that wrong key |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | | 310 | Cryptographic Issues | Development Concepts (primary) 699 |
ParentOf | | 321 | Use of Hard-coded Cryptographic Key | Development Concepts 699 |
ParentOf | | 322 | Key Exchange without Entity Authentication | Development Concepts (primary) 699 |
ParentOf | | 323 | Reusing a Nonce, Key Pair in Encryption | Development Concepts (primary) 699 |
ParentOf | | 324 | Use of a Key Past its Expiration Date | Development Concepts (primary) 699 |