CVEbaza.plSłownik CWECWE-1240
Common Weakness Enumeration

CWE-1240

Use of a Cryptographic Primitive with a Risky Implementation

Kategoria: BaseCVE: 19
Opis

Produkt implementuje algorytm kryptograficzny przy użyciu niestandardowej, niedowodzonej lub niedozwolonej/niezgodnej implementacji kryptograficznej w celu spełnienia potrzeby prymitywu kryptograficznego. Takie podejście narażać może system na luki bezpieczeństwa i kompromitację danych.

Description (EN)

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

Podatności CVE z CWE-1240 (19)
9.8
CVSS
CRITICAL
CVE-2024-0323

Serwer FTP wbudowany w B&R Automation Runtime obsługuje przestarzałe i niezabezpieczone mechanizmy szyfrowania (SSLv3, TLSv1.0, TLSv1.1). Atakujący w sieci może wykorzystać tę podatność do przechwytywania i odszyfrowywania komunikacji lub przeprowadzenia ataku man-in-the-middle.

pub. 2024-02-05
8.9
CVSS
HIGH
CVE-2026-46654

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.

pub. 2026-06-10
8.6
CVSS
HIGH
CVE-2025-24802

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1.

pub. 2025-01-30
8.3
CVSS
HIGH
CVE-2025-62514

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.

pub. 2026-01-29
8.3
CVSS
HIGH
CVE-2024-0220

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.

pub. 2024-02-22
7.8
CVSS
HIGH
CVE-2025-58720

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

pub. 2025-10-14
7.5
CVSS
HIGH
CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.

pub. 2026-04-09
6.7
CVSS
MEDIUM
CVE-2025-46424

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service.

pub. 2025-11-05
6.4
CVSS
MEDIUM
CVE-2026-22705

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.

pub. 2026-01-10
6.2
CVSS
MEDIUM
CVE-2023-51392

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.

pub. 2024-02-23
5.9
CVSS
MEDIUM
CVE-2025-64647

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

pub. 2026-03-25
5.9
CVSS
MEDIUM
CVE-2025-53960

When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge identity tokens for the user if the password is already known, ultimately leading to complete account takeover. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

pub. 2025-12-12
5.6
CVSS
MEDIUM
CVE-2025-14505

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).

pub. 2026-01-08
5.5
CVSS
MEDIUM
CVE-2025-29808

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

pub. 2025-04-08
5.4
CVSS
MEDIUM
CVE-2025-29779

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `secure_redundant_execution` function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist. Python's execution environment cannot guarantee true isolation between redundant executions, the constant-time comparison implementation in Python is subject to timing variations, the randomized execution order and timing provide insufficient protection against sophisticated fault attacks, and the error handling may leak timing information about partial execution results. These limitations make the protection ineffective against targeted fault injection attacks, especially from attackers with physical access to the hardware. A successful fault injection attack could allow an attacker to bypass the redundancy check mechanisms, extract secret polynomial coefficients during share generation or verification, force the acceptance of invalid shares during verification, and/or manipulate the commitment verification process to accept fraudulent commitments. This undermines the core security guarantees of the Verifiable Secret Sharing scheme. As of time of publication, no patched versions of Post-Quantum Secure Feldman's Verifiable Secret Sharing exist, but other mitigations are available. Long-term remediation requires reimplementing the security-critical functions in a lower-level language like Rust. Short-term mitigations include deploying the software in environments with physical security controls, increasing the redundancy count (from 5 to a higher number) by modifying the source code, adding external verification of cryptographic operations when possible, considering using hardware security modules (HSMs) for key operations.

pub. 2025-03-14
3.8
CVSS
LOW
CVE-2026-44410

Podatność wynika z błędu w logice biznesowej aplikacji. Atakujący mogą wykorzystać legalne funkcje aplikacji w niezamierzony i anomalny sposób, odchodzący od intencji projektanta, aby przeprowadzić złośliwe ataki.

pub. 2026-05-26
3.8
CVSS
LOW
CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.

pub. 2024-06-28
3.7
CVSS
LOW
CVE-2025-22475

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

pub. 2025-02-04
2.3
CVSS
LOW
CVE-2026-27017

uTLS to fork crypto/tls, stworzony w celu dostosowania ClientHello w celu uodpornienia na fingerprinting, zachowując możliwość użycia go do handshake'u. Wersje 1.6.0 do 1.8.0 zawierają niezgodność fingerprinta z Chrome'em podczas użycia GREASE ECH, związaną z wyborem cipher suite. Chrome konsekwentnie wybiera preferowaną cipher suite w outer ClientHello i dla ECH na podstawie obsługi sprzętu, jednak Chrome parrot w uTLS hardkoduje preferencję AES dla outer cipher suite, ale losowo wybiera ECH cipher suite między AES i ChaCha20, tworząc 50% szansę wyboru ChaCha20 dla ECH przy jednoczesnym użyciu AES dla outer cipher suite—kombinacja niemożliwa w Chrome. Problem dotyczy wyłącznie GREASE ECH; w rzeczywistym ECH Chrome wybiera pierwszą prawidłową cipher suite, którą uTLS obsługuje poprawnie. Problem został naprawiony w wersji 1.8.1.

pub. 2026-02-20
Informacje
ID: CWE-1240
Typ: Base
Podatności: 19
MITRE CWE ↗
← Słownik CWE