CWE-326 - Inadequate Encryption Strength

CWE-326

Abstraction:
Class

Structure:
Simple

Status:
Draft

Weakness Name: Inadequate Encryption Strength

Description: The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Common Consequences: Scope: Access Control, Confidentiality
Impact: Bypass Protection Mechanism, Read Application Data
Notes: An attacker may be able to decrypt the data using brute force attacks.

Related Weaknesses: CWE-693Protection Mechanism Failure

Related Alerts: Weak Authentication MethodMedium

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard