[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Key Management Errors

ID: 320Date: (C)2012-05-14   (M)2017-11-07
Type: categoryStatus: DRAFT





Description

Weaknesses in this category are related to errors in the management of cryptographic keys.

Applicable Platforms
Language Class: All

Common Consequences
None

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-320 ChildOf CWE-310 Category CWE-699  

Demonstrative Examples
None

Observed Examples

  1. CVE-2005-2146 : insecure permissions when generating secret key, allowing spoofing
  2. CVE-2001-1527 : administration passwords in cleartext in executable
  3. CVE-2000-0762 : default installation of product uses a default encryption key, allowing others to spoof the administrator
  4. CVE-2002-1947 : static key / global shared key -- "global shared key" - product uses same SSL key for all installations, allowing attackers to eavesdrop or hijack session.
  5. CVE-2005-4002 : static key / global shared key -- "global shared key" - product uses same secret key for all installations, allowing attackers to decrypt data.
  6. CVE-2005-2196 : static key / global shared key -- Product uses default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network. Overlaps: default.
  7. CVE-2005-1794 : Exposed or accessible private key (overlaps information exposure) -- Private key stored in executable
  8. CVE-2001-0072 : Exposed or accessible private key (overlaps information exposure) -- Crypto program imports both public and private keys but does not tell the user about the private keys, possibly breaking the web of trust.
  9. CVE-2005-3256 : Misc -- Encryption product accidentally selects the wrong key if the key doesn't have additional fields that are normally expected, allowing the owner of the wrong key to decrypt the data.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Key Management Errors
 
 

References:
None

© 2013 SecPod Technologies