CWE-321 - Use of Hard-coded Cryptographic Key

CWE-321 High

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Use of Hard-coded Cryptographic Key

Description: The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes: If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question.

Related Weaknesses: CWE-798

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29