CWE-325 - Missing Cryptographic Step
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Missing Cryptographic Step
Description
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Scope: Accountability, Non-Repudiation
Impact: Hide Activities