CWE-321 Use of Hard-coded Cryptographic Key: Vulnerability List (248)

A summary of 248 CVEs in the CWE-321 (Use of Hard-coded Cryptographic Key) weakness class, with AI-generated analysis in Chinese.

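CWE-321 refers to software that hard-codes an unchangeable cryptographic key in its code. An attacker who extracts the key through reverse engineering can decrypt protected data or forge legitimate communications, seriously undermining confidentiality and integrity. Developers should avoid this practice and use dynamic key management instead, obtaining keys at runtime from a secure key store, environment variables, or a hardware security module, so that keys can be rotated and are not shipped with the source code.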

MITRE CWE Official Description
CWE: CWE-321 Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
Common Consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data
If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question. The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Mitigations (1)
Architecture and Design: Prevention schemes mirror that of hard-coded password storage.
Code Examples (2)
The following code examples attempt to verify a password using a hard-coded cryptographic key.
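#include <stdio.h>
#include <string.h>

/* Deliberately vulnerable: the secret is compiled into the binary as a string literal. */
int VerifyAdmin(char *password) {
    if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
        printf("Incorrect Password!\n");
        return(0);
    }
    printf("Entering Diagnostic Mode...\n");
    return(1);
}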
Bad · C
// Deliberately vulnerable: the secret is embedded in the class file as a string constant.
public boolean VerifyAdmin(String password) {
    if (password.equals("68af404b513073584c4b6f22b6c63e6b")) {
        System.out.println("Entering Diagnostic Mode...");
        return true;
    }
    System.out.println("Incorrect Password!");
    return false;
}
Bad · Java
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13316 | Lynx Twonky Server security vulnerability — Twonky Server | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-12177 | WordPress plugin Download Manager security vulnerability — Download Manager | 5.3 | Medium | 2025-11-08 |
| CVE-2025-12615 | PHPGurukul News Portal security vulnerability — News Portal | 5.0 | Medium | 2025-11-03 |
| CVE-2025-12599 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability — BLU-IC2 | 7.5 | - | 2025-11-01 |
| CVE-2025-54471 | NeuVector security vulnerability — neuvector | 6.5 | Medium | 2025-10-30 |
| CVE-2025-46582 | ZTE ZXMP M721 security vulnerability — ZXMP M721 | 7.7 | High | 2025-10-27 |
| CVE-2025-34500 | Light & Wonder Deck Mate security vulnerability — Deck Mate 2 | 9.8 | - | 2025-10-24 |
| CVE-2025-11899 | Flowring Agentflow security vulnerability — Agentflow | 8.1 | High | 2025-10-17 |
| CVE-2025-58426 | Desknets Neo security vulnerability — desknet's NEO | 9.8 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-11609 | Code-Projects Hospital Management System security vulnerability — Hospital Management System | 3.7 | Low | 2025-10-11 |
| CVE-2025-35052 | Newforma Project Center Server security vulnerability — Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-11290 | CRMEB security vulnerability — CRMEB | 5.6 | Medium | 2025-10-05 |
| CVE-2025-24525 | Keysight Ixia Vision security vulnerability — Ixia Vision Product Family | 7.5 | High | 2025-09-30 |
| CVE-2025-34217 | Vasion Print Virtual Appliance Host and Vasion Print Application security vulnerability — Print Virtual Appliance Host | 9.8 | - | 2025-09-30 |
| CVE-2025-8625 | WordPress plugin Copypress Rest API security vulnerability — Copypress Rest API | 9.8 | Critical | 2025-09-30 |
| CVE-2025-34211 | Vasion Print Virtual Appliance Host security vulnerability — Print Virtual Appliance Host | 7.5 (AI) | High (AI) | 2025-09-29 |
| CVE-2025-34234 | Vasion Print Virtual Appliance Host security vulnerability — Print Virtual Appliance Host | 9.1 (AI) | Critical (AI) | 2025-09-29 |
| CVE-2025-36326 | IBM Cognos Controller and IBM Controller security vulnerability — Cognos Controller | 3.7 | Low | 2025-09-26 |
| CVE-2025-60250 | Unitree multiple products security vulnerability — Go2 | 4.7 | Medium | 2025-09-26 |
| CVE-2025-58069 | AutomationDirect CLICK PLUS security vulnerability — CLICK PLUS C0-0x CPU firmware | 5.3 | Medium | 2025-09-23 |
| CVE-2025-54807 | Dover Fueling Solutions multiple products security vulnerability — ProGauge MagLink LX 4 | 9.8 | Critical | 2025-09-18 |
| CVE-2025-55112 | BMC Control-M security vulnerability — Control-M/Agent | 7.4 | High | 2025-09-16 |
| CVE-2025-10250 | DJI Mavic security vulnerability — Mavic Spark | 5.0 | Medium | 2025-09-11 |
| CVE-2025-10080 | Datart security vulnerability — Datart | 3.1 | Low | 2025-09-08 |
| CVE-2025-30198 | ECOVACS robot vacuums security vulnerability — DEEBOT X1 Series | 6.3 | Medium | 2025-09-05 |
| CVE-2025-30200 | ECOVACS robot vacuums security vulnerability — DEEBOT X1 Series | 6.3 | Medium | 2025-09-05 |
| CVE-2025-9604 | Coze Studio security vulnerability — coze-studio | 3.7 | Low | 2025-08-29 |
| CVE-2025-41702 | Welotec multiple products security vulnerability — EG400Mk2-D11001-000101 | 9.8 | Critical | 2025-08-26 |
| CVE-2025-8759 | TRENDnet TN-200 security vulnerability — TN-200 | 3.7 | Low | 2025-08-09 |
| CVE-2025-2810 | Dräger ICMHelper security vulnerability — Draeger ICMHelper | 5.5 | Medium | 2025-08-05 |

CWE-321 (Use of Hard-coded Cryptographic Key) is a common weakness class; this platform lists 248 CVEs associated with it.