Insecure Randomness Abstract Standard pseudo-random number generators cannot withstand cryptographic attacks. Description Insecure randomness...

J2EE Misconfiguration: Insufficient Session-ID Length Abstract Session identifiers should be at least 128 bits long to prevent brute-force session...

Key exchange without entity authentication Overview Performing a key exchange without verifying the identity of the entity being communicated with...

Non-cryptographic pseudo-random number generator Overview The use of Non-cryptographic Pseudo-Random Number Generators (PRNGs) as a source for...

Not using a random initialization vector with cipher block chaining mode Overview Not using a random initialization vector with Cipher Block...

Reusing a nonce, key pair in encryption Overview Nonces should be used for the present occasion and only once. Consequences ...

Testing for SSL-TLS Brief Summary Due to historical exporting restrictions of high grade cryptography, legacy and new web servers could be able...

Use of hard-coded cryptographic key Overview The use of a hard-coded cryptographic key tremendously increases the possibility that encrypted data...

Use of hard-coded cryptographic key Overview The use of a hard-coded cryptographic key tremendously increases the possibility that encrypted data...

Using a broken or risky cryptographic algorithm Overview The use of a broken or risky cryptographic algorithm is an unnecessary risk that may...