SYM_PY_0255 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Inadequate Encryption Strength

| Property | Value |
| --- | --- |
| Language | python |
| Severity | medium |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

The code generates DSA keys smaller than 2048 bits, which current standards consider insecure. Weak keys make encrypted data easier to break with modern computing power.
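A small static check for the pattern described above, added here as an example and not the rule's own implementation. It assumes the key-generation calls are written as `dsa.generate_private_key(...)` (the `cryptography` package) or `DSA.generate(...)` (PyCryptodome) and judges only literal integer sizes; `find_weak_dsa_keys`, `KEYGEN_CALLS` and the sample source are constructed for illustration.

```python
import ast

MIN_DSA_BITS = 2048  # threshold stated in the rule description

# Assumed call shapes: (module alias, function) -> name of the size parameter.
# In both libraries the size is also the first positional argument.
KEYGEN_CALLS = {
    ("dsa", "generate_private_key"): "key_size",  # cryptography
    ("DSA", "generate"): "bits",                  # PyCryptodome
}


def _size_argument(call, keyword):
    """Return the AST node holding the key size, or None if it is absent."""
    for kw in call.keywords:
        if kw.arg == keyword:
            return kw.value
    return call.args[0] if call.args else None


def find_weak_dsa_keys(source):
    """Return sorted (line, bits) pairs for DSA keygen calls with a literal size < 2048."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        owner = getattr(node.func.value, "id", None)
        keyword = KEYGEN_CALLS.get((owner, node.func.attr))
        if keyword is None:
            continue
        size = _size_argument(node, keyword)
        # Sizes held in variables are skipped: resolving them needs data-flow analysis.
        if isinstance(size, ast.Constant) and type(size.value) is int:
            if size.value < MIN_DSA_BITS:
                findings.append((node.lineno, size.value))
    return sorted(findings)


# Constructed sample input: two weak calls followed by two compliant ones.
SAMPLE = """\
from cryptography.hazmat.primitives.asymmetric import dsa
from Crypto.PublicKey import DSA
weak_a = dsa.generate_private_key(key_size=1024)
weak_b = DSA.generate(1024)
ok_a = dsa.generate_private_key(key_size=2048)
ok_b = DSA.generate(bits=3072)
"""

if __name__ == "__main__":
    for line, bits in find_weak_dsa_keys(SAMPLE):
        print(f"line {line}: DSA key of {bits} bits is below {MIN_DSA_BITS}")
```

The remediation for each finding is to raise the literal to at least 2048, as in the `ok_a` and `ok_b` lines of the sample.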

Impact

Attackers could exploit the weak DSA keys to compromise encrypted communications or sensitive data, potentially leading to data breaches, unauthorized access, or loss of confidentiality. This puts user information and the integrity of the application at significant risk.