CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-331 | Insufficient Entropy
CWE-330 | Use of Insufficiently Random Values
CWE-329 | Generation of Predictable IV with CBC Mode
CWE-328 | Use of Weak Hash
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm
CWE-326 | Inadequate Encryption Strength
CWE-325 | Missing Cryptographic Step
CWE-324 | Use of a Key Past its Expiration Date
CWE-323 | Reusing a Nonce, Key Pair in Encryption
CWE-322 | Key Exchange without Entity Authentication
CWE-321 | Use of Hard-coded Cryptographic Key
CWE-319 | Cleartext Transmission of Sensitive Information
CWE-318 | Cleartext Storage of Sensitive Information in Executable
CWE-317 | Cleartext Storage of Sensitive Information in GUI
CWE-316 | Cleartext Storage of Sensitive Information in Memory
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie
CWE-314 | Cleartext Storage in the Registry
CWE-313 | Cleartext Storage in a File or on Disk
CWE-312 | Cleartext Storage of Sensitive Information
CWE-311 | Missing Encryption of Sensitive Data
CWE-309 | Use of Password System for Primary Authentication
CWE-308 | Use of Single-factor Authentication
CWE-307 | Improper Restriction of Excessive Authentication Attempts
CWE-306 | Missing Authentication for Critical Function
CWE-305 | Authentication Bypass by Primary Weakness
CWE-304 | Missing Critical Step in Authentication
CWE-303 | Incorrect Implementation of Authentication Algorithm
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-301 | Reflection Attack in an Authentication Protocol
CWE-300 | Channel Accessible by Non-Endpoint
CWE-299 | Improper Check for Certificate Revocation
CWE-298 | Improper Validation of Certificate Expiration
CWE-297 | Improper Validation of Certificate with Host Mismatch
CWE-296 | Improper Following of a Certificate's Chain of Trust
CWE-295 | Improper Certificate Validation
CWE-294 | Authentication Bypass by Capture-replay
CWE-293 | Using Referer Field for Authentication
CWE-291 | Reliance on IP Address for Authentication
CWE-290 | Authentication Bypass by Spoofing
CWE-289 | Authentication Bypass by Alternate Name
CWE-288 | Authentication Bypass Using an Alternate Path or Channel
CWE-287 | Improper Authentication
CWE-286 | Incorrect User Management
CWE-285 | Improper Authorization
CWE-284 | Improper Access Control
CWE-283 | Unverified Ownership
CWE-282 | Improper Ownership Management
CWE-281 | Improper Preservation of Permissions
CWE-280 | Improper Handling of Insufficient Permissions or Privileges
CWE-279 | Incorrect Execution-Assigned Permissions
Please note that these CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for the complete list of CWE entries and for the full description, relationships, and mitigations of each weakness.