Insecure Randomness
Abstract: Standard pseudo-random number generators cannot withstand cryptographic attacks. Description: Insecure randomness...

J2EE Misconfiguration: Insufficient Session-ID Length
Abstract: Session identifiers should be at least 128 bits long to prevent brute-force session...

Key exchange without entity authentication
Overview: Performing a key exchange without verifying the identity of the entity being communicated with...

Non-cryptographic pseudo-random number generator
Overview: The use of Non-cryptographic Pseudo-Random Number Generators (PRNGs) as a source for...

Not using a random initialization vector with cipher block chaining mode
Overview: Not using a random initialization vector with Cipher Block...

Reusing a nonce, key pair in encryption
Overview: Nonces should be used for the present occasion and only once. Consequences ...

Testing for SSL-TLS
Brief Summary: Due to historical exporting restrictions of high grade cryptography, legacy and new web servers could be able...

Use of hard-coded cryptographic key
Overview: The use of a hard-coded cryptographic key tremendously increases the possibility that encrypted data...

Using a broken or risky cryptographic algorithm
Overview: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may...

Using a key past its expiration date
Overview: The use of a cryptographic key or password past its expiration date diminishes its safety...

