SYM_JAVA_0031 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code encrypts with ECB (Electronic Codebook) mode, which processes each block independently, so identical plaintext blocks always produce identical ciphertext blocks under the same key. This makes it easy for attackers to detect patterns and potentially reveal sensitive information.
Impact
If exploited, attackers can analyze encrypted data to uncover patterns or even reconstruct parts of the original data, leading to exposure of confidential information. ECB mode also lacks integrity protection, increasing the risk of tampering or replay attacks.
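The following Java program is an added illustration, not code from the rule or the Symbiotic project. It shows the repeated-block pattern on a constructed two-block plaintext and contrasts it with AES-GCM, an authenticated mode chosen here as the replacement (the page itself does not name one). The class name, helper names and sample plaintext are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class EcbVersusGcm {
    // Constructed sample input: two identical 16-byte AES blocks.
    static final byte[] PLAINTEXT = "ACCOUNT=00001234ACCOUNT=00001234".getBytes(StandardCharsets.US_ASCII);
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    // Flagged pattern: ECB encrypts every block independently, with no IV and no tag.
    static byte[] encryptEcb(SecretKey key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(pt);
    }

    // Replacement: AES-GCM with a fresh random 96-bit nonce; output is nonce || ciphertext || tag.
    static byte[] encryptGcm(SecretKey key, byte[] pt) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(pt);
        return ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
    }

    static byte[] decryptGcm(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12); // throws if the tag does not verify
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey(); // provider default key size
        System.out.println("ECB repeats blocks: " + firstTwoBlocksEqual(encryptEcb(key, PLAINTEXT)));
        byte[] gcm = encryptGcm(key, PLAINTEXT);
        System.out.println("GCM repeats blocks: " + firstTwoBlocksEqual(Arrays.copyOfRange(gcm, 12, gcm.length)));
        gcm[20] ^= 0x01; // flip one ciphertext bit to simulate tampering in transit
        try {
            decryptGcm(key, gcm);
            System.out.println("tampered message accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered message rejected");
        }
    }
}
```

GCM's tag detects modification but not replay of an unmodified message; that still needs an application-level counter or message identifier.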