CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product uses a broken or risky cryptographic algorithm or protocol.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Application Data
Note: The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Scope: Integrity
Technical Impact: Modify Application Data
Note: The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Scope: Accountability, Non-Repudiation
Technical Impact: Hide Activities
Note: If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.
Potential Mitigations
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Architecture and Design
Description: Ensure that the design allows one cryptographic algorithm to be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. With hardware, design the product at the Intellectual Property (IP) level so that one cryptographic algorithm can be replaced with another in the next generation of the hardware product.
Effectiveness: Defense in Depth
Phase: Architecture and Design
Description: Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Implementation, Architecture and Design
Description: When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
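Added illustration, not code from the CWE entry, of the two mitigations above: a uniform wrapper that tags every stored password hash with its scheme name and work-factor parameters, so the scheme can be swapped for a stronger one later, hashes made with an older scheme or weaker parameters are flagged for migration, and retired schemes are refused outright rather than verified. The scheme names, parameter values and the retired set are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets

# Approved schemes: name -> (kdf callable, parameters the current policy requires).
# Scheme names, parameter values and the retired set are assumptions for this
# example, not values taken from the CWE entry.
SCHEMES = {
    "pbkdf2-sha256": (
        lambda pw, salt, prm: hashlib.pbkdf2_hmac("sha256", pw, salt, prm["iterations"], dklen=32),
        {"iterations": 600_000},
    ),
    "scrypt": (
        lambda pw, salt, prm: hashlib.scrypt(pw, salt=salt, n=prm["n"], r=prm["r"], p=prm["p"], dklen=32),
        {"n": 2 ** 14, "r": 8, "p": 1},
    ),
}
CURRENT_SCHEME = "scrypt"                        # scheme used for new hashes
RETIRED_SCHEMES = {"md5", "sha1", "des-crypt"}  # never verified; the user must reset

def _fmt_params(params: dict) -> str:
    return ",".join(f"{k}={v}" for k, v in params.items())

def _parse_params(text: str) -> dict:
    return {k: int(v) for k, v in (kv.split("=", 1) for kv in text.split(","))}

def hash_password(password: str, scheme: str = CURRENT_SCHEME) -> str:
    """Return 'scheme$params$salt$digest'; the tag is what makes later swaps possible."""
    if scheme not in SCHEMES:
        raise ValueError(f"scheme {scheme!r} is not approved")
    kdf, params = SCHEMES[scheme]
    salt = secrets.token_bytes(16)
    digest = kdf(password.encode(), salt, params)
    return f"{scheme}${_fmt_params(params)}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> "tuple[bool, bool]":
    """Return (matches, needs_rehash). needs_rehash is True when the stored hash
    was made with a non-current scheme or weaker parameters, so callers can
    re-hash with the current policy on the next successful login."""
    scheme, param_text, salt_hex, digest_hex = stored.split("$")
    if scheme in RETIRED_SCHEMES or scheme not in SCHEMES:
        raise ValueError(f"stored hash uses unsupported scheme {scheme!r}; reset required")
    kdf, current_params = SCHEMES[scheme]
    params = _parse_params(param_text)
    expected = kdf(password.encode(), bytes.fromhex(salt_hex), params)
    matches = hmac.compare_digest(expected, bytes.fromhex(digest_hex))
    needs_rehash = scheme != CURRENT_SCHEME or params != current_params
    return matches, needs_rehash
```

Because the parameters travel with the hash, raising the work factor in SCHEMES is enough to make every older hash report needs_rehash without breaking verification of existing records.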
Detection Methods
Method: Automated Analysis
Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete.
Effectiveness: Moderate
Method: Manual Analysis
This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Automated Results Interpretation
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: High
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: High
Observed Examples
Reference: CVE-2022-30273
SCADA-based protocol supports a legacy encryption mode that uses Tiny Encryption Algorithm (TEA) in ECB mode, which leaks patterns in messages and cannot protect integrity.
Reference: CVE-2022-30320
Programmable Logic Controller (PLC) uses a protocol with a cryptographically insecure hashing algorithm for passwords.
Reference: CVE-2008-3775
Product uses "ROT-25" to obfuscate the password in the registry.
Reference: CVE-2007-4150
Product only uses "XOR" to obfuscate sensitive data.
Reference: CVE-2007-5460
Product only uses "XOR" and a fixed key to obfuscate sensitive data.
Reference: CVE-2005-4860
Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.
Reference: CVE-2002-2058
Attackers can infer private IP addresses by dividing each octet by the MD5 hash of '20'.
Reference: CVE-2008-3188
Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.
Reference: CVE-2005-2946
Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.
Reference: CVE-2007-6013
Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
| Implementation | With hardware, the Architecture or Design Phase might start with compliant cryptography, but it is replaced with a non-compliant crypto during the later Implementation phase due to implementation constraints (e.g., not enough entropy to make it function properly, or not enough silicon real estate available to implement). Or, in rare cases (especially for long projects that span over years), the Architecture specifications might start with cryptography that was originally compliant at the time the Architectural specs were written, but over the time it became non-compliant due to progress made in attacking the crypto. |
Applicable Platforms
Languages
Technologies
Taxonomy Mappings
| Taxonomy Name | Node ID | Mapped Node Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Using a broken or risky cryptographic algorithm | - |
| OWASP Top Ten 2004 | A8 | Insecure Storage | CWE More Specific |
| CERT C Secure Coding | MSC30-C | Do not use the rand() function for generating pseudorandom numbers | CWE More Abstract |
| CERT C Secure Coding | MSC32-C | Properly seed pseudorandom number generators | CWE More Abstract |
| The CERT Oracle Secure Coding Standard for Java (2011) | MSC02-J | Generate strong random numbers | - |
| OMG ASCSM | ASCSM-CWE-327 | - | - |
| ISA/IEC 62443 | Part 3-3 | Req SR 4.3 | - |
| ISA/IEC 62443 | Part 4-2 | Req CR 4.3 | - |
Key Information
CWE ID: CWE-327
Abstraction: Class
Structure: Simple
Status: Draft
Likelihood of Exploit: High