SYM_JAVA_0122 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code is using Triple DES (3DES/DESede) for encryption, which is considered outdated and weak by modern security standards. It is recommended to use AES instead for stronger protection of sensitive data.
Impact
Relying on 3DES makes encrypted data vulnerable to attacks that can break or weaken its security, potentially exposing confidential information. Attackers could exploit this weakness to access or steal sensitive data, putting user privacy and organizational assets at risk.