OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Category ID: 719 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2007.
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Base | 311 | Missing Encryption of Sensitive Data | Weaknesses in OWASP Top Ten (2007) (primary), 629 |
| ParentOf | Weakness Base | 321 | Use of Hard-coded Cryptographic Key | Weaknesses in OWASP Top Ten (2007) (primary), 629 |
| ParentOf | Weakness Base | 325 | Missing Required Cryptographic Step | Weaknesses in OWASP Top Ten (2007) (primary), 629 |
| ParentOf | Weakness Class | 326 | Inadequate Encryption Strength | Weaknesses in OWASP Top Ten (2007) (primary), 629 |
| MemberOf | View | 629 | Weaknesses in OWASP Top Ten (2007) | Weaknesses in OWASP Top Ten (2007) (primary), 629 |
+ Related Attack Patterns
(CAPEC Version: 1.4)

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 20 | Encryption Brute Forcing |
| 55 | Rainbow Table Password Cracking |
| 59 | Session Credential Falsification through Prediction |
| 65 | Passively Sniff and Capture Application Code Bound for Authorized Client |
+ References
OWASP. "Top 10 2007-Insecure Cryptographic Storage". 2007. <http://www.owasp.org/index.php/Top_10_2007-A8>.
+ Content History
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2008-09-09 | | MITRE | Internal CWE Team |

| Modification Date | Modifier | Organization | Source |
|---|---|---|---|
| 2009-12-28 | CWE Content Team | MITRE | Internal |

updated Related Attack Patterns