Category: SFP Secondary Cluster: Broken Cryptography
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Broken Cryptography cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-325 | Missing Cryptographic Step | This vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides. |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | The software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security standards. |
| CWE-328 | Use of Weak Hash | This vulnerability occurs when software uses a hashing algorithm that is cryptographically weak, allowing attackers to feasibly reverse the hash to find the original input, find a different input that creates the same hash, or discover collisions where two inputs produce identical hash values. |
| CWE-759 | Use of a One-Way Hash without a Salt | This vulnerability occurs when a system uses a one-way hash function (like MD5 or SHA-256) to protect sensitive data like passwords, but fails to add a unique random value called a salt before hashing. |
| CWE-760 | Use of a One-Way Hash with a Predictable Salt | This vulnerability occurs when an application uses a one-way hash (like for password storage) but combines it with a predictable or easily guessed salt. This undermines the security benefit of salting, making pre-computed attack methods like rainbow tables highly effective. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.