SYM_PY_0165 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Low |
Likelihood Level | Low |
Description
The code uses ECB (Electronic Codebook) mode for block cipher encryption. ECB encrypts each block independently, so identical input blocks under the same key always produce the same encrypted output. This exposes patterns in the original data, making it easier for attackers to analyze the ciphertext and potentially reveal sensitive information.
Impact
If exploited, attackers can spot repeating patterns in the encrypted data, allowing them to infer or reconstruct parts of the original plaintext. This can lead to sensitive data exposure, undermining the confidentiality of information such as passwords, personal details, or proprietary data.
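The pattern leak described under Description and Impact, as an added example that is not part of the original rule page or the project's code. To run with the standard library only, a toy Feistel permutation stands in for AES (an assumption, not a real cipher to deploy); all names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # bytes, the AES block size
KEY = b"constructed-demo-key"  # constructed sample key
# Constructed sample: six 16-byte records, five of them identical.
USER, ADMIN = b"role=user;pad=00", b"role=admin;pad=0"
SAMPLE = USER * 3 + ADMIN + USER * 2


def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES (assumption)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # ECB: each aligned block is encrypted independently, no IV or chaining.
    return b"".join(encrypt_block(key, b) for b in blocks(plaintext))


def ctr_encrypt(key, plaintext):
    # CTR with a fresh random IV: block n is XORed with E(IV + n).
    iv = os.urandom(BLOCK)
    start = int.from_bytes(iv, "big")
    out = [iv]
    for n, b in enumerate(blocks(plaintext)):
        ctr = ((start + n) % (1 << 128)).to_bytes(BLOCK, "big")
        out.append(bytes(x ^ y for x, y in zip(b, encrypt_block(key, ctr))))
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Count ciphertext blocks that duplicate an earlier block."""
    counts = Counter(blocks(ciphertext))
    return sum(n - 1 for n in counts.values())


if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, SAMPLE)))
    print("CTR repeats:", repeated_blocks(ctr_encrypt(KEY, SAMPLE)))
```

The ECB ciphertext repeats wherever the plaintext does, while the randomized mode hides the repetition. CTR is used here only to show that contrast; it provides no integrity, so production code would normally use an authenticated mode such as AES-GCM with a unique nonce per message.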