SYM_PY_0157 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code uses the Blowfish cipher for encryption. Blowfish is outdated and has known weaknesses, especially with certain keys. Use a more secure algorithm such as AES instead.
Impact
If Blowfish is used, attackers may be able to exploit its weaknesses to decrypt sensitive data or compromise encrypted information. This can lead to exposure of confidential data, violating compliance requirements and potentially harming users and the organization.
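The following is an added example, not code from the rule or from this wiki: a small standard-library check that flags Blowfish references in Python source, run over a constructed vulnerable snippet and a constructed AES-GCM replacement. It assumes the rule targets Python (from the `SYM_PY` prefix) and that the code under review uses the `cryptography` or PyCryptodome package. The function name `find_blowfish` and both samples are hypothetical.

```python
import ast

# Constructed sample: the pattern this rule describes (Blowfish via the
# `cryptography` package). Held as text and only parsed, never executed.
VULNERABLE = '''
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

def encrypt(key, iv, data):
    cipher = Cipher(algorithms.Blowfish(key), modes.CBC(iv))
    enc = cipher.encryptor()
    return enc.update(data) + enc.finalize()
'''

# Constructed sample: the same operation moved to AES in GCM mode.
FIXED = '''
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def encrypt(key, data):
    nonce = os.urandom(12)  # 96-bit nonce, must be unique per key
    return nonce + AESGCM(key).encrypt(nonce, data, None)
'''

def find_blowfish(source):
    """Return sorted (line, description) pairs for each Blowfish reference."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            # e.g. "from Crypto.Cipher import Blowfish [as BF]"
            for alias in node.names:
                if alias.name == "Blowfish":
                    hits.add((node.lineno, f"import of Blowfish from {node.module}"))
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[-1] == "Blowfish":
                    hits.add((node.lineno, f"import of {alias.name}"))
        elif isinstance(node, ast.Attribute) and node.attr == "Blowfish":
            # e.g. "algorithms.Blowfish(key)"
            owner = getattr(node.value, "id", "<expr>")
            hits.add((node.lineno, f"use of {owner}.Blowfish"))
    return sorted(hits)

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, find_blowfish(src))
```

Aliased imports are reported at the import line, so a renamed `Blowfish` is still caught even though later uses of the alias are not matched by name.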