logo

Category: OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage

Obsolete
Summary

Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2010.

Membership
IDNameDescription
CWE-311Missing Encryption of Sensitive DataThis vulnerability occurs when an application stores or sends sensitive information without first encrypting it, leaving the data exposed.
CWE-312Cleartext Storage of Sensitive InformationThis vulnerability occurs when an application stores sensitive data like passwords, credit card numbers, or personal information in plain text, without any encryption. This unsecured data is kept in files, databases, caches, or logs that could be accessed by unauthorized users or systems.
CWE-326Inadequate Encryption StrengthThis vulnerability occurs when an application protects sensitive information with encryption, but the specific algorithm or key strength used is too weak to withstand modern attack methods.
CWE-327Use of a Broken or Risky Cryptographic AlgorithmThe software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security standards.
CWE-759Use of a One-Way Hash without a SaltThis vulnerability occurs when a system uses a one-way hash function (like MD5 or SHA-256) to protect sensitive data like passwords, but fails to add a unique random value called a salt before hashing.
CWE-809Weaknesses in OWASP Top Ten (2010)CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2010. This view is considered obsolete as a newer version of the OWASP Top Ten is available.
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.