SYM_JAVA_0104 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code uses the DES encryption algorithm, which is outdated and no longer considered secure. It should be replaced with a modern cipher like AES to protect sensitive data effectively.
Impact
If DES is used, attackers could break the encryption and access confidential information, leading to data breaches and exposure of sensitive user or business data. This can result in loss of trust, regulatory penalties, and damage to the organization's reputation.