Cryptographic Failure
Definition
Cryptographic failures occur when applications use weak, outdated, or incorrectly implemented cryptography to protect sensitive data. Common examples include using MD5 or SHA-1 for password hashing, storing passwords without salting, using ECB mode for symmetric encryption, or transmitting sensitive data over HTTP.
In 2021, OWASP renamed this category from Sensitive Data Exposure to better reflect that the root cause is often a cryptographic failure rather than just missing encryption.
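The unsalted MD5 password hashing failure named above, shown next to a salted alternative, as an added example that is not part of the original page. The choice of PBKDF2-HMAC-SHA256, the iteration count, the storage format and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def weak_hash(password):
    """The failure described above: fast, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password):
    """Salted, slow KDF. Stored as 'algorithm$iterations$salt$digest'."""
    salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:  # malformed record: wrong field count, bad hex, bad number
        return False
    return hmac.compare_digest(actual, expected)


def duplicate_digests(records):
    """Group users whose stored value is identical, a sign of unsalted hashing."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample data: two users who picked the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

if __name__ == "__main__":
    weak = {u: weak_hash(p) for u, p in USERS.items()}
    strong = {u: strong_hash(p) for u, p in USERS.items()}
    print("unsalted MD5 duplicates:", duplicate_digests(weak))
    print("salted PBKDF2 duplicates:", duplicate_digests(strong))
    print("verify ok:", verify("hunter2", strong["alice"]))
```

Running `duplicate_digests` over an existing credential table is a quick audit check: any group it returns means identical passwords produce identical stored values, so the hashes are unsalted.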