
CWE-324 (Use of a Key Past its Expiration Date) — Vulnerability Class 16

16 vulnerabilities classified as CWE-324 (Use of a Key Past its Expiration Date). AI-generated Chinese analysis included.

CWE-324 represents a cryptographic weakness where software continues to use a key or password after its designated expiration date has passed. This oversight significantly diminishes security by widening the time window available for attackers to perform brute-force or cryptanalytic attacks against that credential. While expiration does not guarantee immediate compromise, prolonged usage increases the probability of key exposure through accumulated ciphertext or side-channel observations. Developers can mitigate this risk by implementing key lifecycle management that automatically enforces rotation policies and revokes expired credentials. By combining automated alerts with strict validation checks on both the activation and expiration bounds, organizations ensure that cryptographic material is refreshed regularly, minimizing the exposure window and maintaining the integrity of encrypted communications and stored sensitive data.

MITRE CWE Description
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use for prolonged periods of time have a decreasing probability of integrity. For this reason, it is important to replace keys within a period of time proportional to their strength.
Common Consequences (1)
Scope: Access Control. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
The cryptographic key in question may be compromised, providing a malicious user with a method for authenticating as the victim.
Mitigations (1)
Phase: Architecture and Design. Adequate consideration should be put into the user interface in order to notify users before the key's expiration, to explain the importance of new key generation and to walk users through the process as painlessly as possible.
Examples (1)
The following code attempts to verify that a certificate is valid.

```c
if (cert = SSL_get_peer_certificate(ssl)) {
    foo = SSL_get_verify_result(ssl);
    /* Flaw: a certificate whose validity period has not yet started
       (X509_V_ERR_CERT_NOT_YET_VALID) is accepted as if it were X509_V_OK. */
    if ((X509_V_OK == foo) || (X509_V_ERR_CERT_NOT_YET_VALID == foo)) {
        // do stuff
    }
}
```
Bad · C
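The MITRE snippet above shows one side of the weakness (accepting a key or certificate outside its validity window), and the mitigation entry asks for notifying users ahead of expiry. The following added example, written for this page and not taken from MITRE or any library, puts both into a self-contained check over a hypothetical key record: `key_check` enforces both the activation and expiration bounds plus revocation, `key_accept_lenient` reproduces the flawed "not yet valid is fine" logic for contrast, `key_accept_strict` is the corrected form, and `seconds_until_rotation` gives the lead time a UI or scheduler can use to warn before expiry. All type and function names, the clock-skew parameter and the sample keys are this example's own constructions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Constructed key record for this example (not a real library type). */
typedef struct {
    const char *key_id;
    time_t not_before;  /* earliest time the key may be used */
    time_t not_after;   /* expiration: the key must not be used after this */
    bool revoked;       /* set when the key is withdrawn before expiry */
} key_record;

typedef enum { KEY_OK = 0, KEY_NOT_YET_VALID, KEY_EXPIRED, KEY_REVOKED } key_status;

/* Evaluate a key against the current time. skew_s is an explicit, bounded
 * clock-skew allowance (seconds) that widens the window slightly on both
 * sides so a few seconds of drift between hosts does not cause spurious
 * rejections. It is a parameter rather than a hidden constant so that
 * policy can pin it to 0. */
key_status key_check(const key_record *k, time_t now, long skew_s)
{
    if (k->revoked)
        return KEY_REVOKED;
    if (now + skew_s < k->not_before)
        return KEY_NOT_YET_VALID;
    if (now - skew_s > k->not_after)
        return KEY_EXPIRED;
    return KEY_OK;
}

/* The flawed pattern: like the MITRE snippet, it treats "not yet valid"
 * as good enough. Kept only to contrast with key_accept_strict(). */
bool key_accept_lenient(const key_record *k, time_t now)
{
    key_status s = key_check(k, now, 0);
    return s == KEY_OK || s == KEY_NOT_YET_VALID;
}

/* The corrected check: exactly one status is acceptable. */
bool key_accept_strict(const key_record *k, time_t now, long skew_s)
{
    return key_check(k, now, skew_s) == KEY_OK;
}

/* Rotation support: seconds remaining before the key should be replaced,
 * i.e. time to not_after minus a lead time so callers can warn users before
 * expiry (the UI mitigation in the CWE entry). Returns 0 once the rotation
 * window is open, including for keys that are already expired. */
long seconds_until_rotation(const key_record *k, time_t now, long lead_s)
{
    long remaining = (long)(k->not_after - now) - lead_s;
    return remaining > 0 ? remaining : 0;
}

static const char *status_name(key_status s)
{
    switch (s) {
    case KEY_OK:            return "ok";
    case KEY_NOT_YET_VALID: return "not yet valid";
    case KEY_EXPIRED:       return "expired";
    case KEY_REVOKED:       return "revoked";
    }
    return "unknown";
}

int main(void)
{
    /* Constructed sample keys and a fixed "now" (seconds since the epoch)
     * so the output is deterministic. */
    const time_t now = 1700000000;
    const key_record keys[] = {
        { "k-current", now - 86400 * 10, now + 86400 * 20, false },
        { "k-future",  now + 3600,       now + 86400 * 30, false },
        { "k-expired", now - 86400 * 40, now - 86400 * 10, false },
        { "k-revoked", now - 86400 * 10, now + 86400 * 20, true  },
    };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        const key_record *k = &keys[i];
        printf("%-10s status=%-14s lenient=%d strict=%d rotate_in=%lds\n",
               k->key_id, status_name(key_check(k, now, 0)),
               key_accept_lenient(k, now), key_accept_strict(k, now, 30),
               seconds_until_rotation(k, now, 86400 * 7));
    }
    return 0;
}
```

Running it shows the difference on the "k-future" row: the lenient check returns 1 while the strict check returns 0, which is exactly the gap the MITRE example illustrates. The skew allowance is deliberately small and explicit; a large or implicit allowance would itself reintroduce the weakness by extending the usable lifetime of every key.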
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13723 | IBM Sterling Partner Engagement Manager Information Disclosure — Sterling Partner Engagement Manager | 5.3 | Medium | 2026-03-13 |
| CVE-2025-33012 | IBM Db2 improper account lockout — Db2 | 6.3 | Medium | 2025-11-07 |
| CVE-2025-48813 | Virtual Secure Mode Spoofing Vulnerability — Windows 10 Version 1809 | 6.3 | Medium | 2025-10-14 |
| CVE-2023-5342 | Shim: expired secure boot certificate | 4.1 | Medium | 2025-08-15 |
| CVE-2025-2291 | PgBouncer default auth_query does not take Postgres password expiry into account — PgBouncer | 8.1 | High | 2025-04-16 |
| CVE-2025-31123 | Zitadel Expired JWT Keys Usable for Authorization Grants — zitadel | 8.7 | High | 2025-03-31 |
| CVE-2024-7318 | Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity | 4.8 | Medium | 2024-09-09 |
| CVE-2024-6299 | Use of a Key Past its Expiration Date in Conduit — Conduit | 4.8 | Medium | 2024-06-25 |
| CVE-2024-38277 | moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys — Moodle | 7.5 (AI) | High (AI) | 2024-06-18 |
| CVE-2024-31894 | IBM App Connect Enterprise information disclosure — App Connect Enterprise | 4.3 | Medium | 2024-05-22 |
| CVE-2024-31895 | IBM App Connect Enterprise information disclosure — App Connect Enterprise | 4.3 | Medium | 2024-05-22 |
| CVE-2024-31893 | IBM App Connect Enterprise information disclosure — App Connect Enterprise | 4.3 | Medium | 2024-05-22 |
| CVE-2022-35401 | ASUS RT-AX82U authorization issue vulnerability — RT-AX82U | 9.8 | - | 2023-01-10 |
| CVE-2022-2447 | OpenStack security vulnerability — openstack-keystone | 6.6 | - | 2022-09-01 |
| CVE-2021-33020 | Philips Vue PACS Use of a Key Past its Expiration Date — Vue PACS | 8.2 | High | 2022-04-01 |
| CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration — Pivotal Ops Manager | 4.3 | - | 2019-06-06 |

Scores and severities marked "(AI)" are AI-estimated on the page rather than vendor- or NVD-assigned.

Vulnerabilities classified as CWE-324 (Use of a Key Past its Expiration Date) represent 16 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.