SYM_PY_0164 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Use of a Broken or Risky Cryptographic Algorithm

| Property | Value |
| --- | --- |
| Language | python |
| Severity | medium |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

The code uses the IDEA (International Data Encryption Algorithm) cipher, which is outdated and known to be vulnerable when weak keys are used. This makes the encrypted data easier to break than data protected with a modern encryption algorithm.

Impact

Attackers could exploit weaknesses in IDEA to decrypt sensitive information, potentially leading to data breaches and exposure of confidential data. This undermines the security of the application and can result in regulatory or reputational damage.
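The following is an added example, not part of this wiki page or the Symbiotic rule itself: a small static check that flags IDEA instantiation in Python source, run on a constructed flagged snippet and a constructed replacement that uses AES-GCM. It assumes the cipher comes from the `cryptography` package (the page does not name a library); `find_idea_calls`, `FLAGGED` and `HARDENED` are hypothetical names.

```python
import ast

# Assumption: IDEA is reached through the `cryptography` package, either at its
# original module path or at the "decrepit" path used by newer releases.
IDEA_NAMES = {f"cryptography.hazmat.{p}.ciphers.algorithms.IDEA"
              for p in ("primitives", "decrepit")}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def find_idea_calls(source):
    """Return sorted line numbers where `source` instantiates the IDEA cipher."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified name it was imported as
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}"
                            for a in node.names})
    hits = set()
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, _, rest = name.partition(".")
            full = aliases.get(head, head) + ("." + rest if rest else "")
            if full in IDEA_NAMES:
                hits.add(node.lineno)
    return sorted(hits)

# Constructed samples: FLAGGED uses IDEA, HARDENED uses AES-GCM instead.
FLAGGED = """\
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms as alg, modes
def encrypt(key, iv, data):
    enc = Cipher(alg.IDEA(key), modes.CBC(iv)).encryptor()
    return enc.update(data) + enc.finalize()
"""
HARDENED = """\
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
def encrypt(key, data):
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, None)
"""
```

The check resolves import aliases, so `alg.IDEA(key)` is reported even though the string `algorithms.IDEA` never appears in the flagged sample.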