CWE-326

GPTKB entity

Statements (68)
Predicate Object
gptkbp:instance_of gptkb:Web
gptkbp:category Cryptographic Issues
gptkbp:consequences Unauthorized access to sensitive information.
Legal and compliance issues.
Loss of data confidentiality.
Reputation damage.
gptkbp:description The product uses an encryption algorithm that is not strong enough to protect sensitive data.
gptkbp:difficulty_levels gptkb:High
gptkbp:example Not using encryption for sensitive data.
Using AES with a short key length.
Using a weak encryption algorithm like DES.
Using outdated cryptographic algorithms.
gptkbp:has_enemies Phishing
Social Engineering
Data Breach
Data Manipulation
Session Hijacking
DNS Spoofing
Malware Attack
SQL Injection
Web Scraping
Denial of Service Attack
Credential Stuffing
Eavesdropping
Insider Threat
Buffer Overflow
Privilege Escalation
Cross-Site Scripting (XSS)
Clickjacking
Credential Theft
Domain Spoofing
Man-in-the-Middle Attack
Replay Attack
Path Traversal
Web Application Attacks
Directory Traversal
Remote Code Execution
Cross-Site Request Forgery (CSRF)
Supply Chain Attacks
Zero-Day Exploits
Advanced Persistent Threats (APTs)
Code Injection
API Attacks
Command Injection
IoT Attacks
Man-in-the-Browser Attack
Mobile Application Attacks
Open Source Vulnerabilities
Ransomware Attack
Session Fixation
Third-Party Library Vulnerabilities
XML External Entity (XXE) Attack
gptkbp:has_weakness gptkb:CWE-326
gptkb:CWE-327
CWE-311
https://www.w3.org/2000/01/rdf-schema#label CWE-326
gptkbp:impact Data integrity issues
Data exposure
gptkbp:is_referenced_in gptkb:NIST_SP_800-131_A
OWASP Cryptographic Storage Cheat Sheet
gptkbp:name Inadequate Encryption Strength
gptkbp:prevention Regularly update cryptographic protocols.
Use strong encryption algorithms.
gptkbp:related_to gptkb:CWE-326
gptkb:CWE-327
CWE-311
gptkbp:bfsParent gptkb:CWE-200
gptkbp:bfsLayer 8