Common Weakness Enumeration

CWE-1240

Allowed

Use of a Cryptographic Primitive with a Risky Implementation

Abstraction: Base · Status: Draft

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

42 vulnerabilities reference this CWE, most recent first.

GHSA-3HG2-RH4R-8QF6

Vulnerability from github – Published: 2025-12-12 18:30 – Updated: 2025-12-20 02:40
VLAI
Summary
Apache StreamPark: Use the user’s password as the secret key Vulnerability
Details

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leading to the leakage of sensitive information.

This issue affects Apache StreamPark: from 2.0.0 before 2.1.7.

Users are recommended to upgrade to version 2.1.7, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.streampark:streampark"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-12T20:19:56Z",
    "nvd_published_at": "2025-12-12T16:15:44Z",
    "severity": "HIGH"
  },
  "details": "When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leading to the leakage of sensitive information.\n\nThis issue affects Apache StreamPark: from 2.0.0 before 2.1.7.\n\nUsers are recommended to upgrade to version 2.1.7, which fixes the issue.",
  "id": "GHSA-3hg2-rh4r-8qf6",
  "modified": "2025-12-20T02:40:33Z",
  "published": "2025-12-12T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53960"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/streampark/commit/39034db0c806168afa82e58e4f376e1e3c3b73e4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/streampark"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/xlpvfzf5l5m5mfyjwrz5h4dssm3c32vy"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/12/04/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache StreamPark: Use the user\u2019s password as the secret key Vulnerability"
}

GHSA-42VR-VVGX-QHGX

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30
VLAI
Details

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:25Z",
    "severity": "MODERATE"
  },
  "details": "IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information",
  "id": "GHSA-42vr-vvgx-qhgx",
  "modified": "2026-03-25T21:30:36Z",
  "published": "2026-03-25T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64647"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-434V-X5QV-PMH6

Vulnerability from github – Published: 2026-03-26 17:58 – Updated: 2026-03-26 17:58
VLAI
Summary
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure
Details

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secret key.

Impact

This bug only occurs in the event of a catastrophic failure of the CSPRNG, but would allow anyone to forge signatures under the resulting static signing key.

Mitigation

Instead of silently continuing with an all-zero signing key, starting from version 0.0.7 key generation will error in the case of 100 failed attempts at sampling a valid key.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "libcrux-ed25519"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240",
      "CWE-331",
      "CWE-392"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T17:58:55Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found.  If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secret key.\n\n## Impact\nThis bug only occurs in the event of a catastrophic failure of the CSPRNG, but would allow anyone to forge signatures under the resulting static signing key.\n\n## Mitigation\nInstead of silently continuing with an all-zero signing key, starting from version `0.0.7` key generation will error in the case of 100 failed attempts at sampling a valid key.",
  "id": "GHSA-434v-x5qv-pmh6",
  "modified": "2026-03-26T17:58:55Z",
  "published": "2026-03-26T17:58:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cryspen/libcrux/pull/1349"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cryspen/libcrux"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0075.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure"
}

GHSA-4GJP-9G3V-JFMP

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:16:58Z",
    "severity": "MODERATE"
  },
  "details": "Use of a cryptographic primitive with a risky implementation in Windows Key Guard allows an authorized attacker to bypass a security feature locally.",
  "id": "GHSA-4gjp-9g3v-jfmp",
  "modified": "2026-07-14T18:32:04Z",
  "published": "2026-07-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50303"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50303"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4V2M-666W-FFM3

Vulnerability from github – Published: 2024-02-05 18:31 – Updated: 2024-09-06 09:32
VLAI
Details

Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules).

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.  

This issue affects Automation Runtime: from 14.0 before 14.93.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240",
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T16:15:54Z",
    "severity": "CRITICAL"
  },
  "details": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in B\u0026R Industrial Automation Automation Runtime (SDM modules).\n\n\n\nThe FTP server used on the B\u0026R\nAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,\nTLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct\nman-in-the-middle attacks or to decrypt communications between the affected product\nclients. \u00a0\n\nThis issue affects Automation Runtime: from 14.0 before 14.93.\n\n",
  "id": "GHSA-4v2m-666w-ffm3",
  "modified": "2024-09-06T09:32:30Z",
  "published": "2024-02-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0323"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HJ5-P79M-6W3V

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58720"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:53Z",
    "severity": "HIGH"
  },
  "details": "Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.",
  "id": "GHSA-6hj5-p79m-6w3v",
  "modified": "2025-10-14T18:30:32Z",
  "published": "2025-10-14T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58720"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V62-CVF7-MPV3

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29808"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:16:06Z",
    "severity": "MODERATE"
  },
  "details": "Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.",
  "id": "GHSA-6v62-cvf7-mpv3",
  "modified": "2025-04-08T18:34:57Z",
  "published": "2025-04-08T18:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29808"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WJW-QF87-FV5V

Vulnerability from github – Published: 2024-05-15 22:01 – Updated: 2024-05-15 22:01
VLAI
Summary
Laravel Encrypter Failure to decryption vulnerability
Details

A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false.

To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lead to unexpected behavior when combined with weak type comparisons, for example:

<?php

$decyptedValue = decrypt($secret);

if ($decryptedValue == '') {
    // Code is run even though decrypted value is false...
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "illuminate/encryption"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "illuminate/encryption"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.6.0"
            },
            {
              "fixed": "5.6.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T22:01:01Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false.\n\nTo exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lead to unexpected behavior when combined with weak type comparisons, for example:\n\n```php\n\u003c?php\n\n$decyptedValue = decrypt($secret);\n\nif ($decryptedValue == \u0027\u0027) {\n    // Code is run even though decrypted value is false...\n}\n```",
  "id": "GHSA-6wjw-qf87-fv5v",
  "modified": "2024-05-15T22:01:01Z",
  "published": "2024-05-15T22:01:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/illuminate/encryption/commit/51667a52bd7d135c6aa40a897656ffe9d3cd072d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/illuminate/encryption/commit/c80b1da6a0412bd74bd56dc80f6126f561631b05"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/encryption/2018-03-30-1.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/illuminate/encryption"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Laravel Encrypter Failure to decryption vulnerability"
}

GHSA-753P-WRJ5-G8FJ

Vulnerability from github – Published: 2024-12-11 21:47 – Updated: 2024-12-11 21:48
VLAI
Summary
PQClean has a correctness error in HQC decapsulation
Details

Impact

A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext.

No concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability.

Patches

PQClean does not have a release process, as it is a collection of implementations. If you obtained a HQC implementation from PQClean, please update to a version that includes the fixes proposed in https://github.com/PQClean/PQClean/pull/578.

Please also refer to our security policy.

Workarounds

Manually patching is always possible

Further details

In the 2023/04/30 version of the HQC specification and reference implementation, an extra field (sigma) was added to the secret key structure to enable implicit rejection of malformed ciphertexts. The logic to retrieve the public key from the secret key in the decapsulation function was not updated accordingly. As a result, sigma is treated as part of the public key. Later in the decapsulation call, a incorrectly constructed comparison check allows this error to go through undetected. Due to how these two bugs interfere with each other, the decapsulation function never uses sigma to perform implicit rejection; instead, it accepts malformed ciphertexts and returns shared secrets based on their decryptions.

References

This issue was first reported in OQS https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7. The vulnerability was identified by Célian Glénaz and Dahmun Goudarzi (Quarkslab).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pqcrypto-hqc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240",
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-11T21:47:37Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext.\n\nNo concrete attack exploiting the error has been identified at this point. However, the error involves mishandling of the secret key, and in principle this presents a security vulnerability.\n\n### Patches\n\nPQClean does not have a release process, as it is a collection of implementations. If you obtained a HQC implementation from PQClean, please update to a version that includes the fixes proposed in https://github.com/PQClean/PQClean/pull/578. \n\nPlease also [refer to our security policy](https://github.com/PQClean/PQClean/blob/master/SECURITY.md).\n\n### Workarounds\n\nManually patching is always possible\n\n### Further details\n\nIn the 2023/04/30 version of the HQC specification and reference implementation, an extra field (sigma) was added to the secret key structure to enable implicit rejection of malformed ciphertexts. The logic to retrieve the public key from the secret key in the decapsulation function was not updated accordingly. As a result, sigma is treated as part of the public key. Later in the decapsulation call, a incorrectly constructed comparison check allows this error to go through undetected. Due to how these two bugs interfere with each other, the decapsulation function never uses sigma to perform implicit rejection; instead, it accepts malformed ciphertexts and returns shared secrets based on their decryptions.\n\n### References\n\nThis issue was first reported in OQS https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7. The vulnerability was identified by C\u00e9lian Gl\u00e9naz and Dahmun Goudarzi (Quarkslab).\n",
  "id": "GHSA-753p-wrj5-g8fj",
  "modified": "2024-12-11T21:48:32Z",
  "published": "2024-12-11T21:47:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PQClean/PQClean/security/advisories/GHSA-753p-wrj5-g8fj"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PQClean/PQClean/pull/578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustpq/pqcrypto/commit/0c07fa8badbf44f67d3ff1571df31ca54e5228c0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PQClean/PQClean"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "PQClean has a correctness error in HQC decapsulation"
}

GHSA-7852-W36X-6MF6

Vulnerability from github – Published: 2024-05-15 22:08 – Updated: 2024-05-15 22:08
VLAI
Summary
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Details

The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the application's code, such as the example below:

<?php

$decyptedValue = decrypt($secret);

if ($decryptedValue == '') {
    // Code is run even though decrypted value is false...
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "laravel/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.5.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "laravel/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.6.0"
            },
            {
              "fixed": "5.6.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1240"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T22:08:06Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of `false`. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the application\u0027s code, such as the example below:\n\n```\n\u003c?php\n\n$decyptedValue = decrypt($secret);\n\nif ($decryptedValue == \u0027\u0027) {\n    // Code is run even though decrypted value is false...\n}\n```",
  "id": "GHSA-7852-w36x-6mf6",
  "modified": "2024-05-15T22:08:06Z",
  "published": "2024-05-15T22:08:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/laravel/framework/commit/28e53f23a76206fb130e9a54eb95aa3f010e79c9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/laravel/framework/commit/886d261df0854426b4662b7ed5db6a1c575a4279"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/laravel/framework/2018-03-30-1.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/laravel/framework"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior"
}

Mitigation MIT-55
Requirements

Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-267].

Mitigation
Architecture and Design

Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-267].

Mitigation MIT-54
Architecture and Design

Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.

Mitigation
Architecture and Design

Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you "know" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.

Mitigation MIT-52
Architecture and Design

Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation ("cryptographic agility"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceable block level.

Mitigation
Architecture and Design

Do not use outdated or non-compliant cryptography algorithms. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong [REF-267].

Mitigation
Architecture and Design Implementation

Do not use a linear-feedback shift register (LFSR) or other legacy methods as a substitute for an accepted and standard Random Number Generator.

Mitigation
Architecture and Design Implementation

Do not use a checksum as a substitute for a cryptographically generated hash.

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use a vetted cryptographic library or framework. Industry-standard implementations will save development time and are more likely to avoid errors that can occur during implementation of cryptographic algorithms. However, the library/framework could be used incorrectly during implementation.

Mitigation
Architecture and Design Implementation

When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for the prevention of common attacks.

Mitigation
Architecture and Design Implementation

Do not store keys in areas accessible to untrusted agents. Carefully manage and protect the cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography algorithm is irrelevant.

CAPEC-97: Cryptanalysis

Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).