| Padding Oracle Crypto Attack |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-347 | Improper Verification of Cryptographic Signature |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-514 | Covert Channel |
| CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| CWE-696 | Incorrect Behavior Order |
|
