1. Home
  2. Weaknesses
  3. CWE-347

CWE-347: Improper Verification of Cryptographic Signature

ID CWE-347
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 417
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Modes of Introduction

Phase Note
Architecture and Design
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
CWE-1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Incomplete CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-463 Padding Oracle Crypto Attack CWE-347
CAPEC-475 Signature Spoofing by Improper Validation CWE-347

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date