CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-291 | Reliance on IP Address for Authentication | Vulnerabilities |
CWE-293 | Using Referer Field for Authentication | Vulnerabilities |
CWE-294 | Authentication Bypass by Capture-replay | Vulnerabilities |
CWE-295 | Improper Certificate Validation | Vulnerabilities |
CWE-296 | Improper Following of a Certificate's Chain of Trust | Vulnerabilities |
CWE-297 | Improper Validation of Certificate with Host Mismatch | Vulnerabilities |
CWE-298 | Improper Validation of Certificate Expiration | Vulnerabilities |
CWE-299 | Improper Check for Certificate Revocation | Vulnerabilities |
CWE-300 | Channel Accessible by Non-Endpoint | Vulnerabilities |
CWE-301 | Reflection Attack in an Authentication Protocol | Vulnerabilities |
CWE-302 | Authentication Bypass by Assumed-Immutable Data | Vulnerabilities |
CWE-303 | Incorrect Implementation of Authentication Algorithm | Vulnerabilities |
CWE-304 | Missing Critical Step in Authentication | Vulnerabilities |
CWE-305 | Authentication Bypass by Primary Weakness | Vulnerabilities |
CWE-306 | Missing Authentication for Critical Function | Vulnerabilities |
CWE-307 | Improper Restriction of Excessive Authentication Attempts | Vulnerabilities |
CWE-308 | Use of Single-factor Authentication | Vulnerabilities |
CWE-309 | Use of Password System for Primary Authentication | Vulnerabilities |
CWE-311 | Missing Encryption of Sensitive Data | Vulnerabilities |
CWE-312 | Cleartext Storage of Sensitive Information | Vulnerabilities |
CWE-313 | Cleartext Storage in a File or on Disk | Vulnerabilities |
CWE-314 | Cleartext Storage in the Registry | Vulnerabilities |
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie | Vulnerabilities |
CWE-316 | Cleartext Storage of Sensitive Information in Memory | Vulnerabilities |
CWE-317 | Cleartext Storage of Sensitive Information in GUI | Vulnerabilities |
CWE-318 | Cleartext Storage of Sensitive Information in Executable | Vulnerabilities |
CWE-319 | Cleartext Transmission of Sensitive Information | Vulnerabilities |
CWE-321 | Use of Hard-coded Cryptographic Key | Vulnerabilities |
CWE-322 | Key Exchange without Entity Authentication | Vulnerabilities |
CWE-323 | Reusing a Nonce, Key Pair in Encryption | Vulnerabilities |
CWE-324 | Use of a Key Past its Expiration Date | Vulnerabilities |
CWE-325 | Missing Cryptographic Step | Vulnerabilities |
CWE-326 | Inadequate Encryption Strength | Vulnerabilities |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Vulnerabilities |
CWE-328 | Use of Weak Hash | Vulnerabilities |
CWE-329 | Generation of Predictable IV with CBC Mode | Vulnerabilities |
CWE-330 | Use of Insufficiently Random Values | Vulnerabilities |
CWE-331 | Insufficient Entropy | Vulnerabilities |
CWE-332 | Insufficient Entropy in PRNG | Vulnerabilities |
CWE-333 | Improper Handling of Insufficient Entropy in TRNG | Vulnerabilities |
CWE-334 | Small Space of Random Values | Vulnerabilities |
CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Vulnerabilities |
CWE-339 | Small Seed Space in PRNG | Vulnerabilities |
CWE-340 | Generation of Predictable Numbers or Identifiers | Vulnerabilities |
CWE-341 | Predictable from Observable State | Vulnerabilities |
CWE-342 | Predictable Exact Value from Previous Values | Vulnerabilities |
CWE-343 | Predictable Value Range from Previous Values | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.