SYM_PY_0163 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code generates DSA cryptographic keys with a size less than 2048 bits, which is considered too weak by modern security standards. This makes the keys easier to break using current computing power.
Impact
Using weak DSA keys can allow attackers to crack the encryption, leading to exposure of sensitive data, impersonation, or unauthorized access. This undermines the security of your application and puts both user and organizational data at risk.