CWE-321
Use of Hard-coded Cryptographic Key
Description
The product uses a hard-coded, unchangeable cryptographic key.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data
Potential Mitigations
Prevention schemes mirror those for hard-coded password storage.
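The weak pattern beside a corrected one, as an added example that is not part of the CWE entry: an HMAC key embedded in the code versus keys provisioned per deployment, validated at load time and rotatable. The variable name `APP_HMAC_KEYS_HEX`, its comma-separated format and all function names are assumptions made for illustration; the environment variable stands in for whatever secret store a deployment uses.

```python
import hashlib
import hmac
import os
import secrets

# Weak pattern (CWE-321): the key is a literal in the code, so every
# installation shares it and it cannot change without shipping a new build.
HARDCODED_KEY = b"constructed-demo-key"  # constructed sample value

def sign_weak(message: bytes) -> str:
    return hmac.new(HARDCODED_KEY, message, hashlib.sha256).hexdigest()

# Corrected pattern: keys are provisioned per deployment, outside the code.
KEYS_ENV = "APP_HMAC_KEYS_HEX"  # hypothetical name; value is "current[,previous...]"
MIN_KEY_BYTES = 32

def load_keys(environ=os.environ) -> list:
    """Return [current, previous...] keys; fail closed if absent or weak."""
    raw = environ.get(KEYS_ENV, "")
    if not raw.strip():
        raise RuntimeError(f"{KEYS_ENV} is not set; refusing to run without a key")
    keys = []
    for part in raw.split(","):
        try:
            key = bytes.fromhex(part.strip())
        except ValueError:
            raise RuntimeError(f"{KEYS_ENV} contains a non-hex key") from None
        if len(key) < MIN_KEY_BYTES:
            raise RuntimeError(f"{KEYS_ENV} key shorter than {MIN_KEY_BYTES} bytes")
        keys.append(key)
    return keys

def sign(message: bytes, keys: list) -> str:
    return hmac.new(keys[0], message, hashlib.sha256).hexdigest()  # current key

def verify(message: bytes, tag: str, keys: list) -> bool:
    # Accept the current key and any previous key still in the rotation window.
    return any(
        hmac.compare_digest(hmac.new(k, message, hashlib.sha256).hexdigest(), tag)
        for k in keys
    )

def demo() -> tuple:
    old, new = secrets.token_hex(32), secrets.token_hex(32)  # constructed keys
    before = load_keys({KEYS_ENV: old})
    after = load_keys({KEYS_ENV: f"{new},{old}"})  # rotated: new key listed first
    retired = load_keys({KEYS_ENV: new})           # old key withdrawn
    tag = sign(b"config-v1", before)
    return verify(b"config-v1", tag, after), verify(b"config-v1", tag, retired)
```

`demo()` returns `(True, False)`: a tag made under the old key still verifies during the rotation window and stops verifying once that key is withdrawn, which a key compiled into the product cannot offer.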
CVE-2022-29960: Engineering Workstation uses hard-coded cryptographic keys that could allow for unauthorized filesystem access and privilege escalation
CVE-2022-30271: Remote Terminal Unit (RTU) uses a hard-coded SSH private key that is likely to be used by default.
CVE-2020-10884: WiFi router service has a hard-coded encryption key, allowing root access
CVE-2014-2198: Communications / collaboration product has a hardcoded SSH private key, allowing access to root account
Applicable Platforms