SYM_JAVA_0110 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code uses AES in ECB (Electronic Codebook) mode. ECB encrypts every 16-byte block independently under the same key, so identical plaintext blocks always produce identical ciphertext blocks and the structure of the plaintext remains visible in the ciphertext. In Java this is the behaviour of `Cipher.getInstance("AES/ECB/PKCS5Padding")`, and also of the bare `Cipher.getInstance("AES")`, which the default SunJCE provider resolves to ECB with PKCS5 padding. ECB also provides no integrity protection: ciphertext blocks can be reordered, duplicated or dropped without the receiver noticing.
Impact
An attacker who can observe the ciphertext can tell which records or fields share the same value, which regions of a file or image are uniform, and, given any known plaintext, can recognise those blocks wherever they reappear, all without recovering the key. Because blocks are independent, an attacker who can submit ciphertext can also cut and paste blocks between messages. This undermines the confidentiality the encryption was meant to provide for data such as passwords, card numbers or personal details, and can lead to data breaches and regulatory violations.
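The following is an added example, not code from the Symbiotic database or from any project it describes. It shows the vulnerable ECB usage described in this entry beside a hardened AES-GCM version, and a small check that flags the ECB tell-tale (repeated 16-byte ciphertext blocks). The plaintext is a constructed string of three identical blocks, chosen so the leak is obvious; the class and method names are the example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EcbVsGcm {

    // Constructed sample input: three identical 16-byte blocks, so any pattern leak is visible.
    private static final byte[] PLAINTEXT =
            "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);

    private static final int GCM_NONCE_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int GCM_TAG_BITS = 128;     // full-length authentication tag

    // VULNERABLE: the pattern this entry describes. The bare transformation "AES" resolves to
    // AES/ECB/PKCS5Padding in the default SunJCE provider, so both spellings are equally weak.
    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    // HARDENED: AES-GCM with a fresh random nonce per message, nonce prepended to the output.
    // GCM hides plaintext structure and authenticates the ciphertext, so tampering is detected.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ciphertext.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ciphertext, 0, out, nonce.length, ciphertext.length);
        return out;
    }

    // Splits off the nonce and decrypts; throws javax.crypto.AEADBadTagException if the
    // ciphertext or tag was modified.
    static byte[] decryptGcm(SecretKey key, byte[] blob) throws Exception {
        byte[] nonce = Arrays.copyOfRange(blob, 0, GCM_NONCE_BYTES);
        byte[] ciphertext = Arrays.copyOfRange(blob, GCM_NONCE_BYTES, blob.length);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        return cipher.doFinal(ciphertext);
    }

    // Detection heuristic: ECB is the only common mode in which identical plaintext blocks
    // yield identical ciphertext blocks, so a repeated 16-byte block is a strong indicator.
    static boolean hasRepeatedBlocks(byte[] ciphertext) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + 16 <= ciphertext.length; i += 16) {
            String block = Base64.getEncoder().encodeToString(Arrays.copyOfRange(ciphertext, i, i + 16));
            if (!seen.add(block)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        byte[] ecb = encryptEcb(key, PLAINTEXT);
        byte[] gcm = encryptGcm(key, PLAINTEXT);
        // Check only the ciphertext part of the GCM blob, not the leading nonce.
        byte[] gcmCiphertext = Arrays.copyOfRange(gcm, GCM_NONCE_BYTES, gcm.length);

        System.out.println("ECB output has repeated blocks: " + hasRepeatedBlocks(ecb));
        System.out.println("GCM output has repeated blocks: " + hasRepeatedBlocks(gcmCiphertext));
        System.out.println("GCM round-trip matches input:  "
                + Arrays.equals(PLAINTEXT, decryptGcm(key, gcm)));
    }
}
```

Run with `javac EcbVsGcm.java && java EcbVsGcm`. The ECB output reproduces the three identical input blocks as three identical ciphertext blocks, which the check flags; the GCM output shows no repeats and round-trips through `decryptGcm`. The one caveat when moving to GCM is that a nonce must never be reused under the same key: a random 96-bit nonce per message is adequate for moderate message counts, and a counter-based nonce is preferable when a single key encrypts very large volumes.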