iriusrisk / Community


Improper classification of POODLE: CWE-209 #6

Closed fadeevab closed 2 years ago

fadeevab commented 6 years ago

IriusRisk has CWE-209-POODLE, which seems to be an improper classification.

The POODLE attack does not seem to be CWE-209: Information Exposure Through an Error Message (http://cwe.mitre.org/data/definitions/209.html).

It looks more likely to be CWE-327: Use of a Broken or Risky Cryptographic Algorithm.

Thank you for the feedback.

v3rn3 commented 6 years ago

@fadeevab, sorry for the late reply. You are right, the reference should be CWE-327, and we’ll update it ASAP. Best regards, and thank you for reporting this issue to us.

fadeevab commented 6 years ago

Great, thank you!