CWE-324

Use of a Key Past its Expiration Date

AI Translation Available

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Status

draft

Abstraction

base

Likelihood

low

Affected Platforms

Extended Description

AI Translation

While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use for prolonged periods of time have a decreasing probability of integrity. For this reason, it is important to replace keys within a period of time proportional to their strength.

Technical Details

AI Translation

Common Consequences

access control

Impacts

bypass protection mechanism gain privileges or assume identity

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Adequate consideration should be put in to the user interface in order to notify users previous to the key's expiration, to explain the importance of new key generation and to walk users through the process as painlessly as possible.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

elusione del meccanismo di protezione ottenere privilegi o assumere identità

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Si dovrebbe prestare un'adeguata attenzione all'interfaccia utente al fine di notificare gli utenti prima della scadenza della chiave, spiegare l'importanza della generazione di una nuova chiave e guidare gli utenti attraverso il processo nel modo più semplice possibile.

CWE-324

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter