SYM_CS_0038 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cryptographic Issues
| Property | Value |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-310: CWE CATEGORY: Cryptographic Issues |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using the X509Certificate2.PrivateKey property is insecure because it is obsolete and can lead to improper handling of private keys. This can leave private keys on disk if not managed correctly, increasing the risk of unauthorized access.
Impact
If private keys are unintentionally left on disk or mishandled, attackers could recover them and compromise encrypted data, impersonate users or services, or undermine authentication mechanisms. This exposes sensitive information and weakens the application's overall security.