ClassDraft
CWE-327Use of a Broken or Risky Cryptographic Algorithm
Category: other
Description
The product uses a broken or risky cryptographic algorithm or protocol.
Common consequences· 3
- Confidentiality — Read Application DataThe confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
- Integrity — Modify Application DataThe integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
- Accountability / Non-Repudiation — Hide ActivitiesIf the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.
Potential mitigations· 5
- [Architecture and Design]
- [Architecture and Design]Ensure that the design allows one cryptographic algorithm to be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. With hardware, design the product at the Intellectual Property (IP) level so that one cryptographic algorithm can be replaced with another in the next generation of the hardware product.
- [Architecture and Design]Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.
- [Architecture and Design]
- [Implementation, Architecture and Design]When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Related CAPEC attack patterns· 7
References
Exploits (incoming)7
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Cryptanalysis of Cellular Encryptioncapec-608 | 100% | live |
| AttackPattern | Creating a Rogue Certification Authority Certificatecapec-459 | 100% | live |
| AttackPattern | Signature Spoofing by Improper Validationcapec-475 | 100% | live |
| AttackPattern | Rooting SIM Cardscapec-614 | 100% | live |
| AttackPattern | Cryptanalysiscapec-97 | 100% | live |
| AttackPattern | Signature Spoofcapec-473 | 100% | live |
| AttackPattern | Encryption Brute Forcingcapec-20 | 100% | live |
Compliance frameworks addressing this (incoming)6
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27001-a.8.24 | 100% | live |
| ComplianceControl | cra-annexi-1 | 100% | live |
| ComplianceControl | ai_act-art15 | 100% | live |
| ComplianceControl | nis2-art21h | 100% | live |
| ComplianceControl | ai_act-art9 | 100% | live |
| ComplianceControl | owasp_top10-a02 | 95% | live |
(incoming)21
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-13476cve-2025-13476 | 0% | live |
| Vulnerability | CVE-2025-3200cve-2025-3200 | 0% | live |
| Vulnerability | CVE-2025-3938cve-2025-3938 | 0% | live |
| Vulnerability | CVE-2025-49196cve-2025-49196 | 0% | live |
| Vulnerability | CVE-2025-51726cve-2025-51726 | 0% | live |
| Vulnerability | CVE-2025-59484cve-2025-59484 | 0% | live |
| Vulnerability | CVE-2025-65849cve-2025-65849 | 0% | live |
| Vulnerability | CVE-2025-65951cve-2025-65951 | 0% | live |
| Vulnerability | CVE-2025-69929cve-2025-69929 | 0% | live |
| Vulnerability | CVE-2025-9146cve-2025-9146 | 0% | live |
| Vulnerability | CVE-2025-9317cve-2025-9317 | 0% | live |
| Vulnerability | CVE-2026-1626cve-2026-1626 | 0% | live |
| Vulnerability | CVE-2026-1627cve-2026-1627 | 0% | live |
| Vulnerability | CVE-2026-21718cve-2026-21718 | 0% | live |
| Vulnerability | CVE-2026-22585cve-2026-22585 | 0% | live |
| Vulnerability | CVE-2026-24785cve-2026-24785 | 0% | live |
| Vulnerability | CVE-2026-26219cve-2026-26219 | 0% | live |
| Vulnerability | CVE-2026-27804cve-2026-27804 | 0% | live |
| Vulnerability | CVE-2026-28252cve-2026-28252 | 0% | live |
| Vulnerability | CVE-2026-28479cve-2026-28479 | 0% | live |
| Vulnerability | CVE-2026-34950cve-2026-34950 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.