SYM_JAVA_0108 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code generates RSA keys with a length less than 2048 bits, which does not meet current security standards and makes the encryption much easier to break. Using such weak keys exposes sensitive data to potential attackers.
Impact
If weak RSA keys are used, attackers could more easily decrypt confidential information by exploiting the insufficient key strength. This could lead to data breaches, unauthorized access, and compromise of user or organizational data protected by the encryption.
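The pattern from the description beside a corrected form, with a runtime guard for RSA keys that are loaded rather than generated. This is an added example, not code from the rule or its project; the class name, method names and the `MIN_RSA_BITS` constant are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAKey;

public class RsaKeyStrengthExample {
    // Assumed policy floor: the 2048-bit threshold named in the description.
    static final int MIN_RSA_BITS = 2048;

    // Pattern the rule describes: an RSA key size below 2048 bits.
    static KeyPair generateWeak() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // weak: below the 2048-bit threshold
        return kpg.generateKeyPair();
    }

    // Corrected form: the key size comes from the policy constant.
    static KeyPair generateStrong() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(MIN_RSA_BITS);
        return kpg.generateKeyPair();
    }

    // Modulus length in bits, or -1 when the key is not an RSA key.
    static int rsaBits(PublicKey key) {
        return (key instanceof RSAKey)
                ? ((RSAKey) key).getModulus().bitLength()
                : -1;
    }

    // Guard for keys read from a keystore, certificate or config file:
    // reject any RSA key whose modulus is shorter than the policy floor.
    static void requireStrongRsa(PublicKey key) {
        int bits = rsaBits(key);
        if (bits >= 0 && bits < MIN_RSA_BITS) {
            throw new IllegalArgumentException(
                    "RSA key is " + bits + " bits; minimum is " + MIN_RSA_BITS);
        }
    }

    public static void main(String[] args) throws Exception {
        requireStrongRsa(generateStrong().getPublic()); // accepted
        try {
            requireStrongRsa(generateWeak().getPublic());
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

A static rule sees only key sizes written in the code, so the guard covers keys whose size is known only at run time.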