
CWE-1240 — Vulnerability Class 15

15 vulnerabilities classified as CWE-1240. AI Chinese analysis included.

CWE-1240 describes a weakness in which developers implement cryptographic primitives using non-standard, unproven, or non-compliant methods instead of relying on established, vetted libraries. The flaw typically arises when engineers try to optimize performance or customize security features and, in doing so, introduce subtle bugs that undermine confidentiality or integrity. Attackers exploit such implementations through weaknesses that custom algorithms commonly carry, such as side-channel leakage or mathematical flaws, to bypass encryption or forge digital signatures. To avoid this weakness, developers should use well-audited, standard cryptographic libraries and algorithms that follow current industry standards. Regular security audits and code reviews focused on how cryptography is used are essential to keep implementations compliant with current best practice and to prevent insecure custom code from undermining the application's overall security posture.

MITRE CWE Description

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

Cryptographic protocols and systems depend on cryptographic primitives (and associated algorithms) as their basic building blocks. Some common examples of primitives are digital signatures, one-way hash functions, ciphers, and public key cryptography; however, the notion of "primitive" can vary depending on point of view. See "Terminology Notes" for further explanation of some concepts.

Cryptographic primitives are defined to accomplish one very specific task in a precisely defined and mathematically reliable fashion. For example, suppose that for a specific cryptographic primitive (such as an encryption routine), the consensus is that the primitive can only be broken after trying out N different inputs (where the larger the value of N, the stronger the cryptography). For an encryption scheme like AES-256, one would expect N to be so large as to be infeasible to execute in a reasonable amount of time. If a vulnerability is ever found that shows that one can break a cryptographic primitive in significantly less than the expected number of attempts, then that primitive is considered weakened (or sometimes in extreme cases, colloquially it is "broken"). As a result, anything using this cryptographic primitive would now be considered insecure or risky. Thus, even breaking or weakening a seemi…
Common Consequences (1)

Scope: Confidentiality. Impact: Read Application Data.
Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext in the worst case.
Mitigations (5)

Phase: Requirements. Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-267].
Effectiveness: High

Phase: Architecture and Design. Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-267].
Effectiveness: High

Phase: Architecture and Design. Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.
Effectiveness: Discouraged Common Practice

Phase: Architecture and Design. Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you "know" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.
Effectiveness: Discouraged Common Practice

Phase: Architecture and Design. Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation ("cryptographic agility"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceabl…
Effectiveness: Defense in Depth
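The "cryptographic agility" mitigation above is easiest to see in code. The following Python example is added here to illustrate it and is not part of the MITRE entry or of any listed product: a keyed-MAC wrapper that tags every output with an algorithm version, so that verification still accepts tags made under an older algorithm while reporting that they should be re-issued under the current one. The version table, the `v1`/`v2` names and the demo key are assumptions constructed for the example; only standard-library `hmac` and `hashlib` are used.

```python
import hashlib
import hmac

# Assumed version table: callers never name a hash directly, only a version.
# Adding "v3" here (for example a newer hash) is the only change needed to rotate.
ALGORITHMS = {"v1": "sha256", "v2": "sha3_256"}
CURRENT_VERSION = "v2"


def tag(key: bytes, message: bytes, version: str = CURRENT_VERSION) -> str:
    """Return 'version$hexdigest' so the algorithm travels with the tag."""
    if version not in ALGORITHMS:
        raise ValueError(f"unknown MAC version {version!r}")
    digest = hmac.new(key, message, ALGORITHMS[version]).hexdigest()
    return f"{version}${digest}"


def verify(key: bytes, message: bytes, stored: str) -> tuple[bool, bool]:
    """Return (valid, needs_upgrade).

    valid         -- the tag matches under the algorithm it names
    needs_upgrade -- the tag is valid but was made with an older version
    Unknown versions are rejected rather than guessed at.
    """
    version, _, digest = stored.partition("$")
    if version not in ALGORITHMS or not digest:
        return False, False
    expected = hmac.new(key, message, ALGORITHMS[version]).hexdigest()
    valid = hmac.compare_digest(expected, digest)  # constant-time comparison
    return valid, valid and version != CURRENT_VERSION


def upgrade_if_needed(key: bytes, message: bytes, stored: str) -> str:
    """Re-tag a valid legacy tag under CURRENT_VERSION; leave anything else alone."""
    valid, needs_upgrade = verify(key, message, stored)
    if valid and needs_upgrade:
        return tag(key, message)
    return stored


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-for-real-use"  # constructed for the example
    legacy = tag(demo_key, b"order=42", "v1")
    print(legacy, verify(demo_key, b"order=42", legacy))
    print(upgrade_if_needed(demo_key, b"order=42", legacy))
```

Because the version prefix is authenticated only by the table lookup, not by the attacker-controlled string, a tag naming an unlisted version fails closed; in a real system you would also record which versions are still accepted and retire `v1` once migration completes.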
Examples (1)

Re-using random values may compromise security.

Bad example (language: Other). Suppose an Encryption algorithm needs a random value for a key. Instead of using a DRNG (Deterministic Random Number Generator), the designer uses a linear-feedback shift register (LFSR) to generate the value.

Good example (language: Other). If a cryptographic algorithm expects a random number as its input, provide one. Do not provide a pseudo-random value.
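To make the LFSR example concrete, the Python below is an added illustration, not code from the MITRE entry or from any product listed on this page. It builds a 16-bit Fibonacci LFSR (the standard maximal-length tap set x^16 + x^14 + x^13 + x^11 + 1, an assumption chosen for the demo), derives a "key" from it the way the bad example describes, and checks two properties a reviewer would flag: the key is a pure function of a 16-bit seed, so there are at most 65535 possible keys however long the key looks, and an all-zero seed yields an all-zero key. The good path simply asks the operating system's CSPRNG through the `secrets` module.

```python
import secrets

SEED_BITS = 16  # assumed LFSR width; the whole "keyspace" is at most 2**16 - 1 streams


def lfsr_bits(seed: int, nbits: int) -> list[int]:
    """16-bit Fibonacci LFSR, taps 16,14,13,11 (maximal length for a nonzero seed)."""
    state = seed & 0xFFFF
    out = []
    for _ in range(nbits):
        bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
        out.append(bit)
    return out


def lfsr_key(seed: int, nbytes: int = 32) -> bytes:
    """BAD: the 'random' key is fully determined by a 16-bit seed.

    A 32-byte output looks like a 256-bit key but carries at most 16 bits of
    unpredictability, and seed 0 is a fixed point that yields an all-zero key.
    """
    bits = lfsr_bits(seed, nbytes * 8)
    return bytes(
        sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8)
    )


def lfsr_stream_repeats(seed: int = 0xACE1) -> bool:
    """Show that the bit stream repeats with period at most 2**16 - 1.

    Any key cut from this stream is therefore one of only 65535 streams,
    regardless of how many bytes are taken.
    """
    period = 2**SEED_BITS - 1
    stream = lfsr_bits(seed, 2 * period)
    return stream[:period] == stream[period:]


def fresh_key(nbytes: int = 32) -> bytes:
    """GOOD: a key drawn from the OS cryptographically secure RNG."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print("LFSR key, seed 0:      ", lfsr_key(0).hex())
    print("LFSR key, seed 0x1234: ", lfsr_key(0x1234).hex())
    print("stream repeats after 65535 bits:", lfsr_stream_repeats())
    print("CSPRNG key:            ", fresh_key().hex())
```

The check in `lfsr_stream_repeats` is the defender's view of the problem: a generator whose entire future is fixed by a small internal state cannot supply key material, no matter how random its output looks in isolation.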
CVE ID | Title | CVSS | Severity | Published
--- | --- | --- | --- | ---
CVE-2025-64647 | Multiple Vulnerabilities in IBM Concert Software — Concert | 5.9 | Medium | 2026-03-25
CVE-2026-27017 | uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch — utls | 9.1 | - | 2026-02-20
CVE-2026-22705 | RustCrypto: Signatures has timing side-channel in ML-DSA decomposition — signatures | 6.4 | Medium | 2026-01-10
CVE-2025-14505 | Elliptic Cryptanalysis vulnerability when `k` has leading zeros — Elliptic | 5.6 | Medium | 2026-01-08
CVE-2025-53960 | Apache StreamPark: Uses the user's password as the secret key — Apache StreamPark | 7.5 (AI) | High (AI) | 2025-12-12
CVE-2025-46424 | Dell CloudLink security vulnerability — CloudLink | 6.7 | Medium | 2025-11-05
CVE-2025-58720 | Windows Cryptographic Services Information Disclosure Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-10-14
CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability — Windows Server 2022 | 5.5 | Medium | 2025-04-08
CVE-2025-29779 | Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution` — PostQuantum-Feldman-VSS | 9.8 | - | 2025-03-14
CVE-2025-22475 | Dell PowerProtect Data Domain security vulnerability — PowerProtect DD | 3.7 | Low | 2025-02-04
CVE-2025-24802 | Soundness issue with Plonky2 look up tables — plonky2 | 8.6 | High | 2025-01-30
CVE-2024-37137 | Dell Key Trust Platform security vulnerability — CloudLink | 3.8 | Low | 2024-06-28
CVE-2023-51392 | Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM — Ember ZNet SDK | 6.2 | Medium | 2024-02-23
CVE-2024-0220 | B&R products use insufficient communication encryption — Automation Studio | 8.3 | High | 2024-02-22
CVE-2024-0323 | FTP uses unsecure encryption mechanisms — Automation Runtime | 9.8 | Critical | 2024-02-05

(AI) marks a CVSS score or severity estimated by the site's AI analysis rather than taken from the published advisory.

Vulnerabilities classified as CWE-1240 represent 15 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.