CWE-326Inadequate Encryption Strength

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-326
摘要:
Class
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Inadequate Encryption Strength

描述

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

常见后果

范围:
Access Control, Confidentiality
影响:
Bypass Protection Mechanism, Read Application Data
注释:
An attacker may be able to decrypt the data using brute force attacks.

相关 CWE

相关警报