weak-symmetric-algorithm
weak-symmetric-algorithm
Detected the use of
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
$METHOD("$VALUE") which is considered a weak cryptographic algorithm. Where possible, leverage the industry standard recommendation which is to use a block cipher such as AES with at least 128-bit strength, an example of a secure algorithm is AES-256-GCM. If your company has its own guidelines, you should follow your company’s internal best practices.Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures