Use of broken or risky cryptographic algorithm
Description
The code uses a broken or insecure cryptographic algorithm such as DES, TripleDES, RC2, or RC4. These algorithms are considered insecure and should be replaced with more secure alternatives like ChaCha20Poly1305 or AES-256-GCM.
Examples
Insecure Code
python
Cryptodome.Cipher.ARC4.new(...) or Crypto.Cipher.ARC4.new(...)Secure Code
python
ChaCha20Poly1305(key) or AESGCM(key)Remediation
Replace the insecure algorithm with a secure one, such as ChaCha20Poly1305 or AES-256-GCM, and ensure to regenerate nonce values every time they are used.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0118 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure algorithm, cryptographic failure |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |