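CWE-321 Use of Hard-coded Cryptographic Key: vulnerability list (247)

Summary of 247 CVE vulnerabilities in the weakness class CWE-321 Use of Hard-coded Cryptographic Key, with AI analysis in Chinese.

CWE-321 refers to software that hard-codes an unchangeable cryptographic key in its code. An attacker who extracts the key through reverse engineering can decrypt protected data or forge legitimate communications, seriously undermining confidentiality and integrity. Developers should avoid this practice and use dynamic key management instead, obtaining keys at runtime from a secure key store, environment variables or a hardware security module, so that keys can be rotated and are not shipped with the source code.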

MITRE CWE official description
CWE-321: Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
Common consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data
If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question. The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Mitigations (1)
Architecture and Design: Prevention schemes mirror that of hard-coded password storage.
Code examples (2)
The following code examples attempt to verify a password using a hard-coded cryptographic key.
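    #include <stdio.h>
    #include <string.h>

    /* Bad: the secret is a literal compiled into the binary. */
    int VerifyAdmin(char *password) {
        if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
            printf("Incorrect Password!\n");
            return(0);
        }
        printf("Entering Diagnostic Mode...\n");
        return(1);
    }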
Bad · C
    // Bad: the secret is a literal embedded in the class file.
    public boolean VerifyAdmin(String password) {
        if (password.equals("68af404b513073584c4b6f22b6c63e6b")) {
            System.out.println("Entering Diagnostic Mode...");
            return true;
        }
        System.out.println("Incorrect Password!");
        return false;
    }
Bad · Java
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6787 | WatchGuard Agent hard-coded key vulnerability leading to process injection — WatchGuard Agent | - | - | 2026-05-06 |
| CVE-2026-42518 | CDAC e-Sushrut security vulnerability — e-Sushrut, Hospital Management Information System (HMIS) | 9.1 (AI) | Critical (AI) | 2026-04-29 |
| CVE-2026-7306 | XXL-JOB cryptographic issue vulnerability — xxl-job | 5.6 | Medium | 2026-04-28 |
| CVE-2026-32644 | Milesight AIOT cameras security vulnerability — MS-Cxx63-PD | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7018 | Datavines cryptographic issue vulnerability — Datavines | 5.6 | Medium | 2026-04-26 |
| CVE-2026-6611 | DjangoBlog security vulnerability — DjangoBlog | 3.1 | Low | 2026-04-20 |
| CVE-2026-32958 | Silex SD-330AC and Silex AMC Manager security vulnerability — SD-330AC | 6.5 | Medium | 2026-04-20 |
| CVE-2026-6580 | DjangoBlog security vulnerability — DjangoBlog | 7.3 | High | 2026-04-19 |
| CVE-2026-32324 | Anviz CX7 security vulnerability — Anviz CX7 Firmware | 7.7 | High | 2026-04-17 |
| CVE-2026-5426 | Digital Knowledge KnowledgeDeliver security vulnerability — KnowledgeDeliver | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-39810 | Fortinet FortiClientEMS security vulnerability — FortiClientEMS | 5.2 | Medium | 2026-04-14 |
| CVE-2026-33266 | Apache OpenMeetings security vulnerability — Apache OpenMeetings | 9.8 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-5622 | Huly Platform security vulnerability — Huly Platform | 3.7 | Low | 2026-04-06 |
| CVE-2026-5549 | Tenda AC10 security vulnerability — AC10 | 5.3 | Medium | 2026-04-05 |
| CVE-2026-5527 | Tenda 4G03 security vulnerability — 4G03 Pro | 5.3 | Medium | 2026-04-04 |
| CVE-2015-10148 | Belden multiple products security vulnerability — Hirschmann HiLCOS | 7.5 | High | 2026-04-03 |
| CVE-2026-5471 | Investory Toy Planet Trouble App security vulnerability — Toy Planet Trouble App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5462 | Wahoo Fitness SYSTM App security vulnerability — SYSTM App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5458 | Noelse Individuals & Pro App security vulnerability — Individuals & Pro App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5457 | PropertyGuru AgentNet Singapore App security vulnerability — AgentNet Singapore App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5456 | Align My Invisalign App security vulnerability — My Invisalign App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5455 | Dialogue App security vulnerability — Dialogue App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5454 | Sumi Interactive GRID Organiser security vulnerability — Organiser App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5453 | Rico só vantagem pra investir App security vulnerability — só vantagem pra investir App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5452 | CampusConnect security vulnerability — CampusConnect App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5420 | Shinrays Games Goods Triple App security vulnerability — Goods Triple App | 2.5 | Low | 2026-04-02 |
| CVE-2026-5310 | Iperius Backup security vulnerability — Iperius Backup | 2.5 | Low | 2026-04-01 |
| CVE-2025-15605 | TP-Link multiple products security vulnerability — Archer NX600 v3.0 | 7.1 | - | 2026-03-23 |
| CVE-2026-4588 | Kalcaddle Kodbox security vulnerability — kodbox | 3.7 | Low | 2026-03-23 |
| CVE-2026-4477 | Yi Technology YI Home Camera 2 security vulnerability — YI Home Camera | 3.1 | Low | 2026-03-20 |

CWE-321 (Use of Hard-coded Cryptographic Key) is a common weakness category; this platform lists 247 CVE vulnerabilities associated with it.