CWE-325 55 件の CVE MITRE の定義 ↗

CWE-325: Missing Cryptographic Step

概要

CWE-325(Missing Cryptographic Step)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2026-6458 2026-06-23 Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware…
CVE-2026-49440 2026-06-23 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin …
CVE-2026-9266 2026-06-12 A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediat…
CVE-2026-45446 2026-06-09 Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of s…
CVE-2026-45445 2026-06-09 Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summ…
CVE-2026-42770 2026-06-09 Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents…
CVE-2026-0420 2026-06-09 An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks imp…
CVE-2026-48480 2026-06-04 The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograph…
CVE-2026-42246 2026-05-09 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttl…
CVE-2026-41395 2026-04-28 OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attacker…
CVE-2026-40542 2026-04-22 Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users …
CVE-2026-29142 2026-04-02 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
CVE-2026-4601 2026-03-23 Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can reco…
CVE-2026-4258 2026-03-17 All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a…
CVE-2026-28498 2026-03-16 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation …
CVE-2025-47383 2026-03-02 Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
CVE-2025-69418 2026-01-27 Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block…
CVE-2026-22863 2026-01-15 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive …
CVE-2025-60704 2025-11-11 Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-59339 2025-09-17 The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a he…

旧名称

  • Missing Required Cryptographic Step (2020-08-20)

コンテンツ投稿

名称
PLOVER
日付
2006-07-19
バージョン
Draft 3

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Functional_Areas, Modes_of_Introduction, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Relationships
2014-06-23 CWE Content Team 2.7 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, Relationships
2018-03-27 CWE Content Team 3.1 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Description, Relationships
2020-08-20 CWE Content Team 4.2 updated Common_Consequences, Description, Modes_of_Introduction, Name
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, References
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Relationships, Weakness_Ordinalities

貢献

タイプ 名称 日付 コメント
Content Chen Chen, Rahul Kande, Jeyavijayan Rajendran 2023-06-21 suggested demonstrative example
Content Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi 2023-06-21 suggested demonstrative example
cvelogic Threat Intelligence