Inadequate encryption strength
Description
Hazelcast network communication is configured to use a deprecated symmetric cipher. Consider using TLS/SSL when establishing communications across the Hazelcast cluster.
Examples
Insecure Code
```java
new com.hazelcast.config.SymmetricEncryptionConfig()
```
Secure Code
```java
// Configure TLS/SSL for Hazelcast cluster communications
```
Remediation
Use TLS/SSL for Hazelcast cluster communications. See https://docs.hazelcast.com/imdg/4.2/security/tls-ssl for configuration details.
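One way to apply this remediation programmatically, as an added example that is not part of the original rule documentation: member traffic is protected with `SSLConfig` and mutual authentication, and a guard rejects any configuration that still enables `SymmetricEncryptionConfig`. It assumes a Hazelcast Enterprise build (where `BasicSSLContextFactory` is available); the class name `ClusterTlsConfig`, the keystore paths and the environment variable names are placeholders chosen for illustration.

```java
import com.hazelcast.config.Config;
import com.hazelcast.config.SSLConfig;
import com.hazelcast.config.SymmetricEncryptionConfig;

public final class ClusterTlsConfig {

    /** Member config that uses TLS with mutual authentication instead of symmetric encryption. */
    static Config tlsConfig() {
        SSLConfig ssl = new SSLConfig()
                .setEnabled(true)
                // Enterprise factory that builds the SSLContext from the properties below.
                .setFactoryClassName("com.hazelcast.nio.ssl.BasicSSLContextFactory")
                .setProperty("protocol", "TLSv1.2")
                .setProperty("mutualAuthentication", "REQUIRED")
                .setProperty("keyStore", "/opt/hazelcast/member.keystore")        // placeholder path
                .setProperty("keyStorePassword", secret("HZ_KEYSTORE_PASSWORD"))   // assumed env var
                .setProperty("trustStore", "/opt/hazelcast/cluster.truststore")   // placeholder path
                .setProperty("trustStorePassword", secret("HZ_TRUSTSTORE_PASSWORD"));

        Config config = new Config();
        config.getNetworkConfig().setSSLConfig(ssl);
        return requireNoSymmetricEncryption(config);
    }

    /** Fails fast if the deprecated symmetric encryption is still switched on. */
    static Config requireNoSymmetricEncryption(Config config) {
        SymmetricEncryptionConfig sym = config.getNetworkConfig().getSymmetricEncryptionConfig();
        if (sym != null && sym.isEnabled()) {
            throw new IllegalStateException("SymmetricEncryptionConfig is enabled; use SSLConfig");
        }
        return config;
    }

    /** Reads a secret from the environment so passwords stay out of source control. */
    private static String secret(String envName) {
        String value = System.getenv(envName);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + envName);
        }
        return value;
    }

    public static void main(String[] args) {
        Config config = tlsConfig();
        System.out.println("TLS enabled: " + config.getNetworkConfig().getSSLConfig().isEnabled());
    }
}
```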
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0692 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | encryption, tls, ssl |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |