SYM_JAVA_0074 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | High |
Description
Encrypting with CBC mode and PKCS5Padding exposes your application to padding oracle attacks, in which an attacker can tell whether the padding of a submitted ciphertext was valid or invalid. CBC mode also lacks built-in integrity checks, making it insecure for protecting sensitive information.
Impact
If exploited, attackers could decrypt sensitive data without knowing the encryption key by repeatedly probing your application and analyzing its error messages. This could lead to exposure of confidential information, bypass of authentication, or unauthorized access to protected resources, putting user data and system security at risk.
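The missing integrity check described above can be seen by decrypting a ciphertext that was modified after encryption. The following is an added example, not code from this wiki or from the rule itself. `AES/GCM/NoPadding` is used as the authenticated alternative, which is an assumption because the page does not name a replacement; the class name and the sample message are constructed for illustration. The CBC call returns altered plaintext without any error, while the GCM call fails with `AEADBadTagException` before any plaintext is released.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

public class CbcVersusGcm { // hypothetical class name
    // Encrypts msg, flips one ciphertext bit to simulate tampering, then decrypts.
    static String decryptTampered(String transformation, AlgorithmParameterSpec spec,
                                  SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] ct = c.doFinal(msg);
        ct[0] ^= 0x01;
        c.init(Cipher.DECRYPT_MODE, key, spec);
        try {
            byte[] pt = c.doFinal(ct);
            String tail = new String(pt, pt.length - 4, 4, StandardCharsets.UTF_8);
            return "accepted, plaintext now ends with \"" + tail + "\"";
        } catch (AEADBadTagException e) { // subclass of BadPaddingException, so catch it first
            return "rejected, authentication tag mismatch";
        } catch (BadPaddingException e) {
            return "rejected, bad padding";
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        SecureRandom rng = new SecureRandom();
        byte[] msg = "account=42;role=user".getBytes(StandardCharsets.UTF_8); // constructed sample

        byte[] iv = new byte[16]; // CBC: fresh random 16-byte IV per message
        rng.nextBytes(iv);
        System.out.println("AES/CBC/PKCS5Padding: "
                + decryptTampered("AES/CBC/PKCS5Padding", new IvParameterSpec(iv), key, msg));

        byte[] nonce = new byte[12]; // GCM: 12-byte nonce, never reused under the same key
        rng.nextBytes(nonce);
        System.out.println("AES/GCM/NoPadding:    "
                + decryptTampered("AES/GCM/NoPadding", new GCMParameterSpec(128, nonce), key, msg));
    }
}
```

When a service must keep CBC for compatibility, returning one generic failure for every decryption error keeps padding validity from being visible in responses.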