SYM_JAVA_0026 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses NullCipher, which does not actually encrypt data—any sensitive information remains as plain text. This means data meant to be protected is left unencrypted and exposed.
Impact
If exploited, attackers can easily access confidential data because it is not encrypted, leading to potential data leaks, privacy violations, or regulatory non-compliance. This puts user and business information at significant risk.