SYM_JAVA_0112 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The use of NullCipher means that data is not actually encrypted—ciphertext is identical to the original plaintext. This leaves sensitive information exposed and defeats the purpose of using encryption.
Impact
If NullCipher is used, confidential data such as passwords or personal information can be easily read by anyone with access to the data stream or storage. Attackers can intercept, view, or modify data with no cryptographic protection, leading to data breaches and compliance violations.
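The behaviour described above, as an added example (not code from this wiki or the rule itself): `javax.crypto.NullCipher` returning its input unchanged, beside an AES-GCM replacement that also rejects modified data. The class name `NullCipherDemo`, the method names and the sample plaintext are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NullCipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class NullCipherDemo { // hypothetical class name
    // Flagged pattern: NullCipher accepts the key and ignores it.
    static byte[] nullEncrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = new NullCipher();
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext); // output bytes equal the input bytes
    }

    // Corrected form: AES-GCM, fresh 12-byte nonce per message, nonce prepended.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] body = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + body.length);
        System.arraycopy(body, 0, out, nonce.length, body.length);
        return out;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] msg) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return cipher.doFinal(msg, 12, msg.length - 12); // throws if the tag does not verify
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] secret = "password=constructed-sample".getBytes(StandardCharsets.UTF_8);
        System.out.println("NullCipher output == plaintext: " + Arrays.equals(secret, nullEncrypt(key, secret)));
        byte[] sealed = gcmEncrypt(key, secret);
        System.out.println("AES-GCM round trip ok: " + Arrays.equals(secret, gcmDecrypt(key, sealed)));
        sealed[sealed.length - 1] ^= 1; // simulate modification in transit or storage
        try { gcmDecrypt(key, sealed); System.out.println("tamper accepted"); }
        catch (AEADBadTagException e) { System.out.println("tamper rejected by GCM tag"); }
    }
}
```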