Insecure Cryptographic Algorithm: RC2
Description
Use of the RC2 algorithm was detected. RC2 is outdated and vulnerable to modern cryptanalysis. Use a secure cipher that provides authenticated encryption instead, such as ChaCha20-Poly1305 or AES-256-GCM.
Examples
Insecure Code
```java
javax.crypto.Cipher.getInstance("RC2");
```
Secure Code
```java
javax.crypto.Cipher.getInstance("ChaCha20-Poly1305");
```
Remediation
Replace RC2 with a secure cipher like ChaCha20-Poly1305 or AES-256-GCM and ensure authenticated encryption is used.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0506 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure-crypto, rc2 |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |