SYM_PY_0088 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Manually setting SSL/TLS ciphers using set_ciphers() can override Python's secure defaults and unintentionally enable weak or outdated encryption. This increases the risk of using insecure cryptographic algorithms.
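An added example (not part of the rule or of the wiki's own code) that audits which suites an `ssl.SSLContext` has enabled, so a `set_ciphers()` override can be compared against the default context. The helper names, the `WEAK_NAME_MARKERS` list, the 128-bit threshold, the `"ALL"` override string and the `SAMPLE` rows are assumptions made for illustration.

```python
import ssl

# Illustrative, non-exhaustive markers for legacy algorithms in OpenSSL suite names.
WEAK_NAME_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP")

def audit_ciphers(cipher_dicts, min_bits=128):
    """Map suite name -> reason for entries shaped like SSLContext.get_ciphers() output."""
    findings = {}
    for c in cipher_dicts:
        name = c["name"]
        if c.get("auth") == "auth-null":
            findings[name] = "anonymous key exchange, peer is not authenticated"
        elif c.get("strength_bits", 0) < min_bits:
            findings[name] = "effective strength below %d bits" % min_bits
        elif any(marker in name for marker in WEAK_NAME_MARKERS):
            findings[name] = "legacy algorithm in suite name"
    return findings

def audit_context(ctx):
    """Audit the suites actually enabled on an ssl.SSLContext."""
    return audit_ciphers(ctx.get_ciphers())

def context_with_override(cipher_string):
    """Reproduce the flagged pattern: secure defaults replaced via set_ciphers()."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)
    return ctx

# Constructed sample rows (not captured from a real host), same keys as get_ciphers().
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "auth": "auth-rsa", "strength_bits": 256},
    {"name": "DES-CBC3-SHA", "auth": "auth-rsa", "strength_bits": 112},
    {"name": "RC4-SHA", "auth": "auth-rsa", "strength_bits": 128},
    {"name": "ADH-AES128-SHA", "auth": "auth-null", "strength_bits": 128},
    {"name": "NULL-SHA256", "auth": "auth-rsa", "strength_bits": 0},
]

if __name__ == "__main__":
    print("default context:", audit_context(ssl.create_default_context()))
    try:
        # "ALL" is an assumed example of an over-broad override string.
        print("after set_ciphers('ALL'):", sorted(audit_context(context_with_override("ALL"))))
    except ssl.SSLError as exc:
        print("OpenSSL build rejected the string:", exc)
    print("sample:", audit_ciphers(SAMPLE))
```

What the override actually enables depends on the local OpenSSL build, so run the audit on the host where the code is deployed.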
Impact
If weak ciphers are enabled, attackers could exploit vulnerabilities to decrypt or tamper with sensitive data in transit. This can lead to information disclosure, compromised user data, or interception of confidential communications.