CQE-327: Broken or Risky Cryptographic Algorithm Usage

 
Broken or Risky Cryptographic Algorithm Usage
Quality Issue ID: 327 Maturity: Preliminary
+ Description

Description Summary

This pattern identifies situations where the application uses the cryptographic deployed component while it is not part of the list of vetted cryptographic deployed components. As an example, FIPS 140-2 features a list of validated implementations.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains to
View
ChildOf
Ch
Characteristic
9115Security
Default Graph (primary)9001
ChildOf
Pr
Practice
9136Cryptography
Quality Issues Organized by Practices (primary)9002
CanPrecede
Co
Consequence
9152Unauthorized Access to Sensitive Information
Default Graph (primary)9001

Related Taxonomy Entries

TaxonomyVersionRelated ID
ASCSM1ASCSM-CWE-327
CWE2.11327
+ References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-327. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017