Common Weakness Enumeration
Back to CWE stats page
CWE-322
Key Exchange without Entity Authentication
The product performs a key exchange with an actor without verifying the identity of that actor.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that proper authentication is included in the system design.
Mitigation
Phase: Implementation
Description:
- Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No CAPEC attack patterns related to this CWE.