SYM_GO_0049 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description
The code uses the RC4 cipher algorithm for encryption, which is widely considered insecure due to multiple known weaknesses. Sensitive data protected with RC4 can be easily compromised.
Impact
Attackers could decrypt or manipulate confidential data by exploiting RC4's vulnerabilities, leading to data breaches, exposure of sensitive information, or unauthorized access. This compromises the security and trustworthiness of your application.
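
The flagged pattern next to an authenticated replacement, as an added example that is not code from the rule or from the Symbiotic database. The names `rc4XOR`, `newGCM` and `sealGCM`, the key and the message are constructed for illustration, and AES-256-GCM is this example's choice of replacement, which the page itself does not prescribe. It shows that RC4 output altered in transit still decrypts without any error, while the AEAD rejects the same alteration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rc4"
	"fmt"
)

// rc4XOR is the flagged pattern: an RC4 keystream XOR with no integrity tag.
func rc4XOR(key, data []byte) ([]byte, error) {
	c, err := rc4.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out, nil
}

// newGCM builds the replacement AEAD; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts under a fresh random nonce and returns it with ciphertext||tag.
func sealGCM(aead cipher.AEAD, plaintext []byte) (nonce, sealed []byte, err error) {
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed key; errors ignored: inputs are fixed
	ct, _ := rc4XOR(key, []byte("amount=100"))
	ct[7] ^= '1' ^ '9' // one byte altered in transit
	pt, _ := rc4XOR(key, ct)
	aead, _ := newGCM(key)
	nonce, sealed, _ := sealGCM(aead, []byte("amount=100"))
	sealed[7] ^= 0x08 // the same alteration against the AEAD output
	_, err := aead.Open(nil, nonce, sealed, nil)
	fmt.Printf("RC4 returned %q with no error; GCM Open returned: %v\n", pt, err)
}
```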