Category:Cryptographic Vulnerability

This category is for tagging vulnerabilities that are related to cryptographic modules.

Examples

 * Algorithm Problems
   * Insecure Algorithm
     * Use algorithms that are proven flawed or weak (DES, 3DES, MD5, SHA-1, AES, Blowfish, Diffie-Hellman)
     * Use non-standard (home-grown) algorithms
   * Choose the wrong algorithm
     * Use hash function for encryption
     * Use encryption algorithm for hashing
   * Inappropriate use of an algorithm
     * Use insecure encryption modes (DES ECB)
     * Initial vector is not random
   * Implementation errors
     * Use non-standard cryptographic implementations/libraries
 * Key Management Problems
   * Weak keys
     * Too short or not random enough
     * Use human-chosen passwords as cryptographic keys
   * Key disclosure
     * Keys not encrypted during storage or transmission
     * Keys not cleaned appropriately after use
     * Keys hard-coded in the code or stored in configuration files
   * Key updates
     * Allow keys to age
 * Random Number Generator (RNG) Problems
   * Poor random number generators (C: rand, Java: java.util.Random)
   * Forget to seed the random number generator
   * Use the same seed for the random number generator every time
 * Sniffing