Use of Weak Cryptographic Algorithm
Description
A weak or broken cryptographic algorithm was identified. Using these functions will introduce vulnerabilities or downgrade the security of your application.
Examples
Insecure Code
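```javascript
const crypto = require('crypto');
// DES is a weak cipher (56-bit key); this is the pattern the rule flags
const cipher = crypto.createCipher('des', 'secret');
```
Secure Code
```javascript
const crypto = require('crypto');
const key = crypto.randomBytes(32); // aes-256-cbc requires a 32-byte key
const iv = crypto.randomBytes(16);  // use a fresh random 16-byte IV per message
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
```
Remediation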
Replace the weak cryptographic algorithm with a secure one, such as AES.
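The following is an added example, not code from the original rule page, showing one way to carry out this remediation end to end in Node.js. It goes beyond the page's `aes-256-cbc` snippet by assuming AES-256-GCM (an authenticated mode) and an scrypt-derived key; the function names, buffer layout and sample strings are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumed parameters for this example (not from the original page).
const ALGO = 'aes-256-gcm';
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;

// Derive a 32-byte AES-256 key from a passphrase with scrypt and a per-message salt.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, KEY_LEN);
}

// Returns salt || iv || tag || ciphertext as one Buffer.
function encrypt(plaintext, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN); // never reuse an IV with the same key
  const cipher = crypto.createCipheriv(ALGO, deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or the message was modified.
function decrypt(message, passphrase) {
  if (message.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('message too short');
  const salt = message.subarray(0, SALT_LEN);
  const iv = message.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = message.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = message.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv(ALGO, deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample input: round trip, then flip one ciphertext bit.
function demo() {
  const msg = encrypt('constructed sample record', 'constructed passphrase');
  const roundTrip = decrypt(msg, 'constructed passphrase');
  const tampered = Buffer.from(msg);
  tampered[tampered.length - 1] ^= 0x01;
  let rejected = false;
  try { decrypt(tampered, 'constructed passphrase'); } catch (e) { rejected = true; }
  return { roundTrip, rejected };
}

console.log(demo());
```
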
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0357 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | crypto, nodejs |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |