SYM_JAVA_0113 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code uses the Blowfish encryption algorithm, which relies on a small 64-bit block size and is now considered insecure. Attackers can exploit weaknesses in Blowfish to compromise encrypted data.
Impact
If exploited, sensitive information encrypted with Blowfish could be decrypted or tampered with by attackers, leading to data breaches, unauthorized access, or loss of data integrity. This puts user confidentiality and the application's security at significant risk.