SiteShadow
Back to vulnerability library
Detected byCWE-aware static analysisPro

CWE-327 Broken or Risky Cryptographic Algorithm

Coverage: 23 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 21Other-pattern 2 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.

What this means

SiteShadow flagged use of cryptographic algorithms or settings that are considered broken, weak, or deprecated for security purposes.

Why it matters

Broken crypto can be brute-forced or bypassed.

Safer examples

1) Use modern, vetted primitives

2) Avoid deprecated/broken algorithms for security

Examples: MD5, SHA1 (for integrity/auth), DES/3DES, RC4.

3) Prefer libraries that are secure-by-default

Minimize custom crypto configuration and avoid rolling your own.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.