SYM_JAVA_0106 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code uses the RC4 encryption algorithm, which is outdated and has well-known security flaws. Attackers can easily break RC4 encryption, making any protected data vulnerable.
Impact
If RC4 is used, attackers may decrypt sensitive information, tamper with data, or intercept confidential communications. This can lead to data breaches, exposure of user information, and compromise of the application's security.