目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-327 使用已被攻破或存在风险的密码学算法 类漏洞列表 266

CWE-327 使用已被攻破或存在风险的密码学算法 类弱点 266 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-327指使用已损坏或存在风险加密算法的漏洞。攻击者常利用弱算法(如MD5、DES)破解数据,窃取敏感信息或篡改内容。开发者应避免使用已知不安全的算法,优先采用AES、SHA-256等现代标准,并定期审查加密实现,确保密钥管理安全,以保障数据机密性与完整性。

MITRE CWE 官方描述
CWE:CWE-327 使用损坏或有风险的加密算法 (Use of a Broken or Risky Cryptographic Algorithm) 英文:The product uses a broken or risky cryptographic algorithm or protocol. 译文:该产品使用了损坏或有风险的加密算法或协议。 加密算法 (Cryptographic algorithms) 是用于对数据进行混淆以防止未经授权的实体进行观察或干预的方法。不安全的加密 (Insecure cryptography) 可能被利用来暴露敏感信息、以意外方式修改数据、伪造其他用户或设备的身份,或造成其他影响。生成一个安全的算法非常困难,即使是知名加密专家设计的高知名度算法也可能被破解。目前存在已知的技术可以破解或削弱各种类型的加密。因此,只有少数经过充分理解和广泛研究的算法应被大多数产品使用。使用非标准或已知不安全的算法是危险的,因为坚定的攻击者可能能够破解该算法,从而破坏受保护的数据。由于密码学 (Cryptography) 的发展非常迅速,即使某个算法曾经被认为很强,现在也可能被视为“不安全”。这可能是因为发现了新的攻击方法,或者因为计算能力的大幅提升使得该加密算法不再能提供最初认为的保护程度。出于多种原因,与软件实现相比,在硬件部署中管理这种弱点更具挑战性。首先,如果发现硬件实现的加密存在缺陷,在大多数情况下无法修复该缺陷,除非召回产品,因为硬件不像软件那样易于更换。其次,由于硬件产品预期会运行多年,攻击者的计算能力将随着时间的推移而不断增强。
常见影响 (3)
ConfidentialityRead Application Data
The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
IntegrityModify Application Data
The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Accountability, Non-RepudiationHide Activities
If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.
缓解措施 (5)
Architecture and DesignWhen there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis. For example, US government systems require FIPS 1…
Architecture and DesignEnsure that the design allows one cryptographic algorithm to be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. With hardware, design the product at the Intellectual Property (IP) level so that one cryptographic algorithm can be replaced with another in the next generat…
Effectiveness: Defense in Depth
Architecture and DesignCarefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.
Architecture and DesignUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. Industry-standard implementations will save development time and may be more likely to avoid errors that can occur during implementation of cryptographic algorithms. Consider the ESAPI Encryption feature.
Implementation, Architecture and DesignWhen using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
代码示例 (2)
These code examples use the Data Encryption Standard (DES).
EVP_des_ecb();
Bad · C
Cipher des=Cipher.getInstance("DES..."); des.initEncrypt(key2);
Bad · Java
Suppose a chip manufacturer decides to implement a hashing scheme for verifying integrity property of certain bitstream, and it chooses to implement a SHA1 hardware accelerator for to implement the scheme.
The manufacturer chooses a SHA1 hardware accelerator for to implement the scheme because it already has a working SHA1 Intellectual Property (IP) that the manufacturer had created and used earlier, so this reuse of IP saves design cost.
Bad · Other
The manufacturer could have chosen a cryptographic solution that is recommended by the wide security community (including standard-setting bodies like NIST) and is not expected to be broken (or even better, weakened) within the reasonable life expectancy of the hardware product. In this case, the architects could have used SHA-2 or SHA-3, even if it meant that such choice would cost extra.
Good · Other
CVE ID标题CVSS风险等级Published
CVE-2026-40641 Dell PowerFlex Manager 加密问题漏洞 — PowerFlex 4.8 Medium2026-06-17
CVE-2026-9261 佳能网络设置工具1.5.0及更早版本SSH弱加密算法漏洞 — EOS Network Setting Tool for Windows 6.8 Medium2026-06-15
CVE-2026-50086 Aqara IAM/SSO Gateway 加密问题漏洞 — Aqara IAM/SSO Gateway 10.0 Critical2026-06-12
CVE-2026-40996 VMware Spring Web Services 加密问题漏洞 — Spring Web Services 4.8 Medium2026-06-11
CVE-2025-10237 Lenovo ThinkPad 加密问题漏洞 — X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS 6.7 Medium2026-06-10
CVE-2026-45701 Sulu 加密问题漏洞 — sulu--2026-06-01
CVE-2025-46371 Dell PowerFlex Manager 加密问题漏洞 — PowerFlex Manager (Appliance) 3.6 Low2026-05-22
CVE-2026-44053 Netatalk 加密问题漏洞 — Netatalk 7.4 High2026-05-21
CVE-2026-44699 libjwt 加密问题漏洞 — libjwt--2026-05-15
CVE-2026-8072 Ingeteam Ingecon Sun EMS Board 加密问题漏洞 — Ingecon Sun EMS Board--2026-05-12
CVE-2026-6411 MAXHUB Pivot client application 加密问题漏洞 — MAXHUB Pivot client application 7.3 High2026-05-07
CVE-2026-44405 Paramiko 加密问题漏洞 — Paramiko 3.4 Low2026-05-05
CVE-2026-32959 Silex SD-330AC和Silex AMC Manager 安全漏洞 — SD-330AC 5.9 Medium2026-04-20
CVE-2026-5588 Bouncy Castle Java 安全漏洞 — BC-JAVA 9.1 -2026-04-15
CVE-2025-14813 Bouncy Castle Java 安全漏洞 — BC-JAVA 7.5 -2026-04-15
CVE-2025-14859 Semtech LR11xx LoRa 安全漏洞 — LR1110 4.2AIMediumAI2026-04-07
CVE-2026-5682 Meesho Online Shopping 加密问题漏洞 — Online Shopping App 3.7 Low2026-04-06
CVE-2026-34950 fast-jwt 加密问题漏洞 — fast-jwt 9.1 Critical2026-04-06
CVE-2025-13916 IBM Aspera Shares 加密问题漏洞 — Aspera Shares 5.9 Medium2026-04-01
CVE-2019-25651 Ubiquiti多款产品 加密问题漏洞 — UniFi Network Controller 8.3 High2026-03-27
CVE-2026-28252 Trane多款产品 加密问题漏洞 — Tracer SC 9.8AICriticalAI2026-03-12
CVE-2025-41711 Janitza UMG 96RM-E 24V和Janitza UMG 96RM-E 230V 加密问题漏洞 — UMG 96RM-E 24V(5222063) 5.3 Medium2026-03-10
CVE-2026-28479 OpenClaw 加密问题漏洞 — OpenClaw 7.5 High2026-03-05
CVE-2026-30791 RustDesk 安全漏洞 — RustDesk Client 9.8 -2026-03-05
CVE-2026-3598 RustDesk Server PRO 安全漏洞 — RustDesk Server Pro 7.5 -2026-03-05
CVE-2025-14456 IBM MQ Appliance 加密问题漏洞 — MQ Appliance 6.5AIMediumAI2026-03-03
CVE-2025-14480 IBM Aspera faspio Gateway 加密问题漏洞 — Aspera faspio Gateway 5.1 Medium2026-03-03
CVE-2026-1627 SICK LMS1000和SICK MRS1000 安全漏洞 — SICK LMS1000 6.5 Medium2026-02-27
CVE-2026-1626 SICK LMS1000和SICK MRS1000 安全漏洞 — SICK LMS1000 6.5 Medium2026-02-27
CVE-2026-21718 Copeland多款产品 加密问题漏洞 — Copeland XWEB 300D PRO 10.0 Critical2026-02-27

CWE-327(使用已被攻破或存在风险的密码学算法) 是常见的弱点类别,本平台收录该类弱点关联的 266 条 CVE 漏洞。