An attacker discovers a weakness in the cryptographic algorithm or a weakness in how it was applied to a particular chunk of plaintext.
An attacker leverages the discovered weakness to decrypt, partially decrypt or infer some information about the contents of the encrypted message. All of that is done without knowing the secret key.
Ensure that the algorithms are used properly. That means:
Weakness Name | |
---|---|
CWE-327 |
Use of a Broken or Risky Cryptographic Algorithm The product uses a broken or risky cryptographic algorithm or protocol. |
CWE-1204 |
Generation of Weak Initialization Vector (IV) The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive. |
CWE-1240 |
Use of a Cryptographic Primitive with a Risky Implementation To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation. |
CWE-1241 |
Use of Predictable Algorithm in Random Number Generator The device uses an algorithm that is predictable and generates a pseudo-random number. |
CWE-1279 |
Cryptographic Operations are run Before Supporting Units are Ready Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result. |
Name | Organization | Date | Date release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Description, Description Summary, Examples-Instances, Related_Weaknesses | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
CAPEC Content Team | The MITRE Corporation | Updated Mitigations |