Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.
CWE-325 Base Borrador
Missing Cryptographic Step
This vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides.
Definición
What is CWE-325?
This vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides.
Cryptographic algorithms are designed as a sequence of specific, interdependent steps. Each step serves a purpose, such as ensuring randomness, preventing pattern analysis, or binding data together securely. When a developer omits one of these steps—whether during key generation, encryption, decryption, or integrity verification—the entire cryptographic operation becomes fragile. The resulting system may appear to function normally but can be easily broken by attackers using well-known techniques, completely undermining the promised security.
This flaw often stems from using incomplete code samples, misunderstanding algorithm specifications, or attempting to 'optimize' performance by removing so-called 'unnecessary' operations. To prevent it, developers should rely on reputable, high-level cryptographic libraries rather than implementing algorithms from scratch. Always follow the official algorithm specification or RFC meticulously, and use established test vectors to verify that every required step is correctly executed in the proper order.
Impacto en el mundo real
Real-world CVEs caused by CWE-325
-
Missing challenge-response step allows authentication bypass using public key.
Cómo lo explotan los atacantes
Ruta del atacante paso a paso
- 1
The example code is taken from the HMAC engine inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1358]. HAMC is a message authentication code (MAC) that uses both a hash and a secret crypto key. The HMAC engine in HACK@DAC SoC uses the SHA-256 module for the calculation of the HMAC for 512 bits messages.
- 2
However, this HMAC engine cannot handle messages that are longer than 512 bits. Moreover, a complete HMAC will contain an iterate hash function that breaks up a message into blocks of a fixed size and iterates over them with a compression function (e.g., SHA-256). Therefore, the implementation of the HMAC in OpenPiton SoC is incomplete. Such HMAC engines will not be used in real-world applications as the messages will usually be longer than 512 bits. For instance, OpenTitan offers a comprehensive HMAC implementation that utilizes a FIFO for temporarily storing the truncated message, as detailed in [REF-1359].
- 3
To mitigate this, implement the iterative function to break up a message into blocks of a fixed size.
Ejemplo de código vulnerable
Vulnerable Verilog
The example code is taken from the HMAC engine inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1358]. HAMC is a message authentication code (MAC) that uses both a hash and a secret crypto key. The HMAC engine in HACK@DAC SoC uses the SHA-256 module for the calculation of the HMAC for 512 bits messages.
**logic [511:0] bigData;**
...
hmac hmac(
```
.clk_i(clk_i),
.rst_ni(rst_ni && ~rst_4),
.init_i(startHash && ~startHash_r),
.key_i(key),
.ikey_hash_i(ikey_hash),
.okey_hash_i(okey_hash),
.key_hash_bypass_i(key_hash_bypass),
```
.message_i(bigData),**
.hash_o(hash),
.ready_o(ready),
.hash_valid_o(hashValid) Ejemplo de código seguro
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención
How to prevent CWE-325
- Architecture Use safe-by-default frameworks and APIs that prevent the unsafe pattern from being expressible.
- Implementation Validate input at trust boundaries; use allowlists, not denylists.
- Implementation Apply the principle of least privilege to credentials, file paths, and runtime permissions.
- Testing Cover this weakness in CI: SAST rules + targeted unit tests for the data flow.
- Operation Monitor logs for the runtime signals listed in the next section.
Señales de detección
How to detect CWE-325
Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.
Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.
Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.
Plexicus detecta automáticamente CWE-325 y abre un PR de corrección en menos de 60 segundos.
Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.
Preguntas frecuentes ¿Qué es CWE-325?
¿Qué gravedad tiene CWE-325?
¿Qué lenguajes o plataformas se ven afectados por CWE-325?
¿Cómo puedo prevenir CWE-325?
¿Cómo detecta y corrige Plexicus CWE-325?
¿Dónde puedo aprender más sobre CWE-325?
Frequently asked questions
¿Qué es CWE-325?
This vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides.
¿Qué gravedad tiene CWE-325?
MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.
¿Qué lenguajes o plataformas se ven afectados por CWE-325?
MITRE lists the following affected platforms: Not Technology-Specific.
¿Cómo puedo prevenir CWE-325?
Use safe-by-default frameworks, validate untrusted input at trust boundaries, and apply the principle of least privilege. Cover the data-flow signature in CI with SAST.
¿Cómo detecta y corrige Plexicus CWE-325?
El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-325 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.
¿Dónde puedo aprender más sobre CWE-325?
MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/325.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.
Debilidades relacionadas
Weaknesses related to CWE-325
CWE-573 Padre
Improper Following of Specification by Caller
This weakness occurs when software fails to properly follow the documented rules, protocols, or requirements of an external component it…
CWE-103 Hermano
Struts: Incomplete validate() Method Definition
This vulnerability occurs in a Struts application when a validator form either completely omits a validate() method or includes one but…
CWE-104 Hermano
Struts: Form Bean Does Not Extend Validation Class
This vulnerability occurs in Apache Struts applications when a form bean class does not properly extend the framework's validation class.…
CWE-243 Hermano
Creation of chroot Jail Without Changing Working Directory
This vulnerability occurs when a program creates a chroot jail but fails to change its current working directory afterward. Because the…
CWE-253 Hermano
Incorrect Check of Function Return Value
This vulnerability occurs when a program misinterprets or improperly validates the return value from a function, causing it to miss…
CWE-296 Hermano
Improper Following of a Certificate's Chain of Trust
This vulnerability occurs when software fails to properly validate the entire certificate chain back to a trusted root authority. This…
CWE-304 Hermano
Missing Critical Step in Authentication
This vulnerability occurs when a software authentication process omits a required step, weakening its overall security.
CWE-329 Hermano
Generation of Predictable IV with CBC Mode
This vulnerability occurs when software uses a predictable or reused Initialization Vector (IV) with Cipher Block Chaining (CBC) mode…
CWE-358 Hermano
Improperly Implemented Security Check for Standard
This vulnerability occurs when software fails to correctly implement one or more critical security checks required by a standard protocol,…
Listo cuando tú lo estés
Deja de pagar por desarrollador.
Empieza a cerrar el bucle.
Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.