CWE-327 – Use of a Broken or Risky Cryptographic Algorithm

Read Time:2 Minute, 15 Second

Description

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-693
CWE-311

 

Consequences

Confidentiality: Read Application Data

The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.

Integrity: Modify Application Data

The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.

Accountability, Non-Repudiation: Hide Activities

If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Architecture and Design

Effectiveness: Defense in Depth

Description: 

Ensure that the design allows one cryptographic algorithm can be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software.

Phase: Architecture and Design

Description: 

Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.

Phase: Architecture and Design

Description: 

Phase: Implementation, Architecture and Design

Description: 

When using industry-approved techniques, use them correctly. Don’t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.

CVE References

  • CVE-2008-3775
    • Product uses “ROT-25” to obfuscate the password in the registry.
  • CVE-2007-4150
    • product only uses “XOR” to obfuscate sensitive data
  • CVE-2007-5460
    • product only uses “XOR” and a fixed key to obfuscate sensitive data
  • CVE-2005-4860
    • Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.
  • CVE-2002-2058
    • Attackers can infer private IP addresses by dividing each octet by the MD5 hash of ’20’.
  • CVE-2008-3188
    • Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.
  • CVE-2005-2946
    • Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.
  • CVE-2007-6013
    • Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.