SYM_CLS_0004 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Cryptographic Key
| Property | Value |
|---|---|
| Language | apex |
| Severity |  |
| CWE | CWE-321: Use of Hard-coded Cryptographic Key |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The rule makes sure you are using randomly generated IVs and keys for Crypto calls. Hard-coding these values greatly compromises the security of encrypted data.