CWE-325 缺少必要的密码学步骤

Missing Required Cryptographic Step

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown


The software does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by that algorithm.


Cryptographic implementations should follow the algorithms that define them exactly, otherwise encryption can be weaker than expected.


  • cwe_Nature: ChildOf cwe_CWE_ID: 573 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: PeerOf cwe_CWE_ID: 358 cwe_View_ID: 1000


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
Access Control Bypass Protection Mechanism If the cryptographic algorithm is used for authentication and authorization, then an attacker could gain unauthorized access to the system.
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data'] Sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
['Accountability', 'Non-Repudiation'] Hide Activities If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.


标识 说明 链接


Relationship Overlaps incomplete/missing security check. Relationship Can be resultant.


映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Missing Required Cryptographic Step
OWASP Top Ten 2007 A8 CWE More Specific Insecure Cryptographic Storage
OWASP Top Ten 2007 A9 CWE More Specific Insecure Communications


  • CAPEC-68