SYM_JAVA_0107 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code is using the RC2 encryption algorithm, which is outdated and insecure. RC2 has known weaknesses that make encrypted data vulnerable to attacks and should not be used for protecting sensitive information.
Impact
If RC2 is used, attackers could potentially decrypt or tamper with confidential data, leading to data breaches, exposure of sensitive information, or unauthorized access. This weakens overall application security and may result in regulatory or reputational harm.