LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is A02 Cryptographic Failure and what types of data are at risk?

Sensitive data is left exposed because crypto is missing, weak, or misused — no TLS in transit, plaintext/weakly-hashed storage at rest, or broken algorithms like MD5/DES.

Renamed from "Sensitive Data Exposure" because the root cause is the crypto failure, not the exposure itself. Example: storing passwords as unsalted MD5 means a single database leak lets attackers crack millions of them with precomputed rainbow tables in seconds — the data was technically "hashed," but the choice of algorithm made it worthless.

Issues:

  • Insufficient encryption in transit (no TLS)
  • Insufficient encryption at rest (unencrypted databases)
  • Weak algorithms (MD5, SHA1, DES)
  • Passwords stored in plaintext, encrypted, or unsalted hash

Sensitive data at risk:

  • Passwords
  • Credit card information
  • Personal information
  • Health data
  • PII (Personally Identifiable Information)

Go deeper:

From Quiz: SPRG / OWASP Top 10 | Updated: Jul 05, 2026