LIVE NEWSROOM · --:-- · May 25, 2026

A LIBRARY FOR SECURITY RESEARCHERS

CWE WEAKNESSES / CWE-347

CWE-347

Improper Verification of Cryptographic Signature

Base

What it is

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Impact

Access Control, Integrity, Confidentiality

Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands

Real-world CVE examples

CVE-2002-1796 — Does not properly verify signatures for "trusted" entities.
CVE-2005-2181 — Insufficient verification allows spoofing.
CVE-2005-2182 — Insufficient verification allows spoofing.
CVE-2002-1706 — Accepts a configuration file without a Message Integrity Check (MIC) signature.

Related weaknesses

CWE-345 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →