SYM_RB_0008 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | High |
Description
The code generates RSA keys smaller than 2048 bits, which does not meet current security standards and can be easily broken by attackers. Weak key sizes undermine the effectiveness of encryption.
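The flagged pattern beside a corrected one, with a check for keys that already exist. This is an added example, not code from the rule or its project. It assumes Ruby with the standard `openssl` library, since the page does not name a language, and the helper names (`generate_weak_key`, `generate_rsa_key`, `audit_pem`) are hypothetical.

```ruby
require "openssl"

# Threshold taken from the description: anything below 2048 bits is flagged.
MIN_RSA_BITS = 2048

# Size of the RSA modulus in bits.
def rsa_bits(key)
  key.n.num_bits
end

# True when the key falls under the threshold.
def weak_rsa_key?(key)
  rsa_bits(key) < MIN_RSA_BITS
end

# Flagged pattern: an RSA key generated with fewer than 2048 bits.
def generate_weak_key
  OpenSSL::PKey::RSA.new(1024)
end

# Corrected pattern: default to the minimum and refuse smaller requests,
# so a caller-supplied or configured size cannot silently weaken the key.
def generate_rsa_key(bits = MIN_RSA_BITS)
  if bits < MIN_RSA_BITS
    raise ArgumentError, "RSA key size #{bits} is below #{MIN_RSA_BITS} bits"
  end
  OpenSSL::PKey::RSA.new(bits)
end

# Audit a key that already exists (PEM text, public or private).
def audit_pem(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  { bits: rsa_bits(key), weak: weak_rsa_key?(key) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a freshly generated 1024-bit public key.
  sample_pem = generate_weak_key.public_key.to_pem
  puts "existing key: #{audit_pem(sample_pem)}"
  puts "new key bits: #{rsa_bits(generate_rsa_key)}"
end
```

Fixing the generation call does not replace keys already issued, so `audit_pem` is meant to be run over stored keys as well.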
Impact
Attackers could decrypt sensitive data, impersonate users, or tamper with protected information by exploiting the weak RSA keys. This exposes the application and its users to data breaches and loss of confidentiality, putting compliance and trust at risk.