SYM_PY_0161 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A6:2017 misconfiguration |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Medium |
Description
The code passes an empty string as the AES encryption key, so the encryption provides little or no protection. AES requires a strong, non-empty key to secure data.
Impact
If an empty key is used, attackers can easily decrypt sensitive data, leading to data breaches or exposure of confidential information. This could compromise user privacy, regulatory compliance, and the overall security of the application.
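
One way to check a Python code base for the condition described above, as an added example that is not part of the Symbiotic rule itself. It assumes the PyCryptodome-style call shape `AES.new(key, mode, ...)`; the sample source and the names `find_empty_aes_keys` and `SAMPLE` are constructed for illustration.

```python
import ast

# Constructed sample source: parsed only, never executed.
# Assumption: keys reach AES through a PyCryptodome-style AES.new(key, mode, ...).
SAMPLE = '''
import os
from Crypto.Cipher import AES

EMPTY = b""
good_key = os.urandom(32)

c1 = AES.new("", AES.MODE_GCM)              # empty str literal
c2 = AES.new(b"", AES.MODE_GCM)             # empty bytes literal
c3 = AES.new(key=EMPTY, mode=AES.MODE_GCM)  # name bound to an empty constant
c4 = AES.new(good_key, AES.MODE_GCM)        # 32 random bytes: not flagged
'''

def _is_empty_literal(node):
    """True for the literals "" and b""."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, (str, bytes))
            and len(node.value) == 0)

def find_empty_aes_keys(source):
    """Return sorted line numbers of AES.new(...) calls whose key is empty."""
    tree = ast.parse(source)
    # Names assigned an empty str/bytes constant (simple, flow-insensitive).
    empty_names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_empty_literal(node.value):
            empty_names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (func.attr == "new" and isinstance(func.value, ast.Name)
                and func.value.id == "AES"):
            continue
        # The key is the first positional argument or the key= keyword.
        key = node.args[0] if node.args else next(
            (kw.value for kw in node.keywords if kw.arg == "key"), None)
        if key is None:
            continue
        if _is_empty_literal(key) or (isinstance(key, ast.Name) and key.id in empty_names):
            hits.append(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    print(find_empty_aes_keys(SAMPLE))
```

The check is syntactic: a key that becomes empty only at run time (for example, an unset environment variable read with an empty default) is not caught and needs a length check where the key is loaded.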