SYM_JAVA_0035 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Type Conversion or Cast
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using Integer.toHexString() to convert hash or byte data to a hex string strips the leading zero from any byte below 0x10, because the method does not pad its output to two digits. The resulting string has an inconsistent length, and different byte sequences can produce the same output.
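The flagged pattern next to a fixed-width encoder, as an added example that is not part of the rule's own documentation. The class name, the method names `weakHex` and `safeHex`, and all input bytes and `sample-` messages are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HexEncodingDemo {

    // Flagged pattern: Integer.toHexString() does not pad, so any byte
    // below 0x10 contributes one hex digit instead of two.
    static String weakHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            sb.append(Integer.toHexString(b & 0xff));
        }
        return sb.toString();
    }

    // Fixed-width encoding: exactly two hex digits per byte.
    static String safeHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: two different byte sequences.
        byte[] a = {0x01, 0x23};
        byte[] b = {0x12, 0x03};
        System.out.println("weak: " + weakHex(a) + " / " + weakHex(b)
                + " equal=" + weakHex(a).equals(weakHex(b)));
        System.out.println("safe: " + safeHex(a) + " / " + safeHex(b)
                + " equal=" + safeHex(a).equals(safeHex(b)));

        // Find a constructed message whose SHA-256 digest contains a byte
        // below 0x10; its weak encoding is shorter than 64 characters.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (int i = 0; i < 100; i++) {
            byte[] digest = sha256.digest(
                    ("sample-" + i).getBytes(StandardCharsets.UTF_8));
            if (weakHex(digest).length() != 2 * digest.length) {
                System.out.println("sample-" + i + ": weak length "
                        + weakHex(digest).length() + ", safe length "
                        + safeHex(digest).length());
                break;
            }
        }
    }
}
```

On Java 17 and later, `java.util.HexFormat.of().formatHex(bytes)` gives the same fixed-width output without a hand-written loop.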
Impact
Incorrect hex conversion increases the risk of hash collisions, meaning distinct data may be represented by the same hash value once it is encoded as a string. This weakens data integrity checks, potentially allowing attackers to bypass authentication, tamper with data, or cause other security failures in code that relies on unique hash values.