CWE-321 Use of Hard-coded Cryptographic Key: vulnerability list (257)

Summary of the 257 CVEs in the CWE-321 (Use of Hard-coded Cryptographic Key) weakness class, with AI-generated Chinese analysis.

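CWE-321 refers to software that hard-codes an unchangeable cryptographic key in its code. An attacker who extracts the key through reverse engineering can decrypt protected data or forge legitimate communications, seriously undermining confidentiality and integrity. Developers should avoid this practice and use dynamic key management instead, obtaining keys at run time from a secure key store, environment variables, or a hardware security module, so that keys can be rotated and are not shipped with the source code.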

MITRE CWE official description
CWE: CWE-321 Use of Hard-coded Cryptographic Key. The product uses a hard-coded, unchangeable cryptographic key.
Common Consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data
If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question. The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Mitigations (1)
Architecture and Design: Prevention schemes mirror that of hard-coded password storage.
Code Examples (2)
The following code examples attempt to verify a password using a hard-coded cryptographic key.
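    #include <stdio.h>
    #include <string.h>

    /* Bad: the value compared against is a literal compiled into the binary. */
    int VerifyAdmin(char *password) {
        if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
            printf("Incorrect Password!\n");
            return(0);
        }
        printf("Entering Diagnostic Mode...\n");
        return(1);
    }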
Bad · C
    // Bad: the value compared against is a literal stored in the class file.
    public boolean VerifyAdmin(String password) {
        if (password.equals("68af404b513073584c4b6f22b6c63e6b")) {
            System.out.println("Entering Diagnostic Mode...");
            return true;
        }
        System.out.println("Incorrect Password!");
        return false;
    }
Bad · Java
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-5456 | Align My Invisalign App security vulnerability — My Invisalign App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5455 | Dialogue App security vulnerability — Dialogue App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5454 | Sumi Interactive GRID Organiser security vulnerability — Organiser App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5453 | Rico só vantagem pra investir App security vulnerability — só vantagem pra investir App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5452 | CampusConnect security vulnerability — CampusConnect App | 3.3 | Low | 2026-04-03 |
| CVE-2026-5420 | Shinrays Games Goods Triple App security vulnerability — Goods Triple App | 2.5 | Low | 2026-04-02 |
| CVE-2026-5310 | Iperius Backup security vulnerability — Iperius Backup | 2.5 | Low | 2026-04-01 |
| CVE-2025-15605 | TP-Link multiple products security vulnerability — Archer NX600 v3.0 | 7.1 | - | 2026-03-23 |
| CVE-2026-4588 | Kalcaddle Kodbox security vulnerability — kodbox | 3.7 | Low | 2026-03-23 |
| CVE-2026-4477 | Yi Technology YI Home Camera 2 security vulnerability — YI Home Camera | 3.1 | Low | 2026-03-20 |
| CVE-2026-3963 | go-fastdfs-web security vulnerability — go-fastdfs-web | 3.7 | Low | 2026-03-11 |
| CVE-2025-14923 | IBM WebSphere Application Server Liberty security vulnerability — WebSphere Application Server - Liberty | 4.7 | Medium | 2026-03-03 |
| CVE-2026-0754 | HP Poly Edge E Series security vulnerability — VVX | 7.5 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-1442 | Unitree UPK security vulnerability — UPK | 7.8 | High | 2026-02-27 |
| CVE-2026-27519 | Binardat 10G08-0800GSM cryptographic issue vulnerability — 10G08-0800GSM Network Switch | 7.5 | High | 2026-02-24 |
| CVE-2026-26335 | Calero VeraSMART security vulnerability — VeraSMART | 8.8 (AI) | High (AI) | 2026-02-13 |
| CVE-2026-25894 | FUXA security vulnerability — FUXA | 9.8 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-22906 | WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 security vulnerability — 0852-1322 | 9.8 | Critical | 2026-02-09 |
| CVE-2026-2103 | Infor SyteLine ERP security vulnerability — SyteLine ERP | 7.1 | High | 2026-02-06 |
| CVE-2026-22586 | Salesforce Marketing Cloud Engagement security vulnerability — Marketing Cloud Engagement | 9.4 | - | 2026-01-24 |
| CVE-2025-58740 | Milner ImageDirector Capture security vulnerability — ImageDirector Capture | 5.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-62581 | Delta Electronics DIAView security vulnerability — DIAView | 9.8 | Critical | 2026-01-16 |
| CVE-2025-15108 | PandaX security vulnerability — PandaX | 3.7 | Low | 2025-12-27 |
| CVE-2025-15107 | SQLE security vulnerability — sqle | 3.7 | Low | 2025-12-27 |
| CVE-2025-15105 | Maxun security vulnerability — maxun | 3.7 | Low | 2025-12-27 |
| CVE-2025-68948 | SiYuan security vulnerability — siyuan | 8.4 | - | 2025-12-27 |
| CVE-2025-52601 | Hanwha Vision IP Cameras security vulnerability — Device Manager | 4.3 | - | 2025-12-26 |
| CVE-2025-15016 | Ragic Enterprise Cloud Database security vulnerability — Enterprise Cloud Database | 9.8 | Critical | 2025-12-22 |
| CVE-2025-15005 | Webzyme CouchCMS security vulnerability — CouchCMS | 3.7 | Low | 2025-12-22 |
| CVE-2025-14651 | One Hub security vulnerability — one-hub | 3.7 | Low | 2025-12-14 |

CWE-321 (Use of Hard-coded Cryptographic Key) is a common weakness class; this platform lists 257 CVEs associated with it.