Quiz Entry - updated: 2026.07.05
What is A02 Cryptographic Failure and what types of data are at risk?
Sensitive data is left exposed because crypto is missing, weak, or misused — no TLS in transit, plaintext/weakly-hashed storage at rest, or broken algorithms like MD5/DES.
Renamed from "Sensitive Data Exposure" because the root cause is the crypto failure, not the exposure itself. Example: storing passwords as unsalted MD5 means a single database leak lets attackers crack millions of them with precomputed rainbow tables in seconds — the data was technically "hashed," but the choice of algorithm made it worthless.
Issues:
- Insufficient encryption in transit (no TLS)
- Insufficient encryption at rest (unencrypted databases)
- Weak algorithms (MD5, SHA1, DES)
- Passwords stored in plaintext, encrypted, or unsalted hash
Sensitive data at risk:
- Passwords
- Credit card information
- Personal information
- Health data
- PII (Personally Identifiable Information)
Go deeper:
OWASP Top 10 — A02: Cryptographic Failures — canonical page incl. the rename rationale.