Statements (68)
Predicate | Object |
---|---|
gptkbp:instance_of | gptkb:CEO |
gptkbp:bfsLayer | 6 |
gptkbp:bfsParent | gptkb:CWE-200 |
gptkbp:category | Cryptographic Issues |
gptkbp:consequences | Unauthorized access to sensitive information. Legal and compliance issues. Loss of data confidentiality. Reputation damage. |
gptkbp:difficulty | gptkb:High |
gptkbp:enemy | Phishing; Social Engineering; Data Breach; Data Manipulation; Session Hijacking; DNS Spoofing; Malware Attack; SQL Injection; Web Scraping; Denial of Service Attack; Credential Stuffing; Eavesdropping; Insider Threat; Buffer Overflow; Privilege Escalation; Cross-Site Scripting (XSS); Clickjacking; Credential Theft; Domain Spoofing; Man-in-the-Middle Attack; Replay Attack; Path Traversal; Web Application Attacks; Directory Traversal; Remote Code Execution; Cross-Site Request Forgery (CSRF); Supply Chain Attacks; Zero-Day Exploits; Code Injection; Advanced Persistent Threats (APTs); API Attacks; Command Injection; IoT Attacks; Man-in-the-Browser Attack; Mobile Application Attacks; Open Source Vulnerabilities; Ransomware Attack; Session Fixation; Third-Party Library Vulnerabilities; XML External Entity (XXE) Attack |
gptkbp:example | Not using encryption for sensitive data. Using AES with a short key length. Using a weak encryption algorithm like DES. Using outdated cryptographic algorithms. |
gptkbp:has_weakness | gptkb:CWE-326; gptkb:CWE-327; CWE-311 |
https://www.w3.org/2000/01/rdf-schema#label | CWE-326 |
gptkbp:impact | Data integrity issues; Data exposure |
gptkbp:is_described_as | The product uses an encryption algorithm that is not strong enough to protect sensitive data. |
gptkbp:is_protected_by | Regularly update cryptographic protocols. Use strong encryption algorithms. |
gptkbp:is_referenced_in | NIST SP 800-131A; OWASP Cryptographic Storage Cheat Sheet |
gptkbp:name | Inadequate Encryption Strength |
gptkbp:related_to | gptkb:CWE-326; gptkb:CWE-327; CWE-311 |