SYM_PY_0255 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code is generating DSA keys with a size smaller than 2048 bits, which is considered insecure by current standards. Using weak keys makes encrypted data easier to break with modern computing power.
Impact
Attackers could exploit the weak DSA keys to compromise encrypted communications or sensitive data, potentially leading to data breaches, unauthorized access, or loss of confidentiality. This puts user information and the integrity of the application at significant risk.