Back to Home

Cryptographic Failures

A02:2021 - Weak encryption & data exposure

What are Cryptographic Failures?

Failures related to cryptography (or lack thereof) that allow attackers to access sensitive data. This includes weak hashing algorithms, plaintext storage, and improper key management.

Common Issues:

  • Weak hashing (MD5, SHA1) without salt
  • Plaintext password storage
  • Unencrypted sensitive data at rest or in transit
  • Hardcoded encryption keys
  • Deprecated cryptographic protocols

Before WAF: Vulnerable

Without Cloudflare WAF, sensitive data is exposed and weakly protected

Step 1: View Exposed Sensitive Data

# API returns plaintext passwords and weak hashes
"<your-worker-url>/api/crypto"

# Response shows:
# - Plaintext passwords
# - MD5 hashes without salt
# - Crackable with rainbow tables

Vulnerability: Data stored without encryption, weak hashing, and exposed via API.

After WAF: Protected

With Cloudflare WAF and SSL/TLS enabled, data is encrypted in transit

Enable Cloudflare Protection:

  1. Go to Cloudflare Dashboard → SSL/TLS
  2. Set encryption mode to "Full (Strict)"
  3. Enable "Always Use HTTPS"
  4. Enable "Automatic HTTPS Rewrites"

Result: All traffic is encrypted with TLS 1.3. HTTP requests redirect to HTTPS.

Cloudflare Security Features

  • Automatic HTTPS: Enforces encryption for all traffic
  • TLS 1.3: Modern cryptographic protocol
  • Certificate Management: Automatic SSL certificate provisioning