CWE-326
Inadequate Encryption Strength
Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Bypass Protection Mechanism, Read Application Data
Potential Mitigations
Use an encryption scheme that is currently considered to be strong by experts in the field.
CVE-2001-1546Weak encryption
CVE-2004-2172Weak encryption (chosen plaintext attack)
CVE-2002-1682Weak encryption
CVE-2002-1697Weak encryption produces same ciphertext from the same plaintext blocks.
CVE-2002-1739Weak encryption
CVE-2005-2281Weak encryption scheme
CVE-2002-1872Weak encryption (XOR)
CVE-2002-1910Weak encryption (reversible algorithm).
CVE-2002-1946Weak encryption (one-to-one mapping).
CVE-2002-1975Encryption error uses fixed salt, simplifying brute force / dictionary attacks (overlaps randomness).
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now