CWE-327 Use of a Broken or Risky Cryptographic Algorithm – Detailed Weakness Analysis

Explore CAPEC attack patterns referencing this CWE.

What is CWE (Common Weakness Enumeration)?

The Common Weakness Enumeration (CWE) is a community-developed list of common software and hardware weaknesses. By identifying these weaknesses, developers and security practitioners can prioritize and address potential vulnerabilities early in the development cycle. Explore our comprehensive CWE list below to better understand and mitigate common security issues.

CAPEC Patterns referencing CWE-327

Below is a list of CAPEC attack patterns associated with this CWE-327. Click on each CAPEC to learn more. The right column shows the related weaknesses (including this one).

CAPEC Related Weaknesses
Encryption Brute Forcing
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-693 Protection Mechanism Failure
CWE-1204 Generation of Weak Initialization Vector (IV)
Creating a Rogue Certification Authority Certificate
CWE-290 Authentication Bypass by Spoofing
CWE-295 Improper Certificate Validation
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Signature Spoof
CWE-20 Improper Input Validation
CWE-290 Authentication Bypass by Spoofing
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Signature Spoofing by Improper Validation
CWE-295 Improper Certificate Validation
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-347 Improper Verification of Cryptographic Signature
Cryptanalysis of Cellular Encryption
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Rooting SIM Cards
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Cryptanalysis
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-1204 Generation of Weak Initialization Vector (IV)
CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation
CWE-1241 Use of Predictable Algorithm in Random Number Generator
CWE-1279 Cryptographic Operations are run Before Supporting Units are Ready

About CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-327 is one of the established Common Weakness Enumerations that identifies a specific type of vulnerability in software. Detailed analysis of CWE-327 helps organizations understand the risks associated with this weakness and implement effective countermeasures.

Explore related attack patterns, best practices, and expert recommendations on this page. By understanding CWE-327, you can enhance your security posture and better protect your applications against exploitation.