Use of a broken or risky cryptographic algorithm
Description
The application was found using the `xor` algorithm, which can be trivially decoded. Newer algorithms apply message integrity to validate that the ciphertext has not been tampered with. Consider using `ChaCha20Poly1305` instead, as it is easier and faster than alternatives such as `AES-256-GCM`.
Examples
Insecure Code
```python
# Either of:
Cryptodome.Cipher.XOR.new(...)
Crypto.Cipher.XOR.new(...)
```
Secure Code
```python
# Either of:
ChaCha20Poly1305(key)
AESGCM(key)
```
Remediation
Replace the `xor` algorithm with a secure alternative like `ChaCha20Poly1305` or `AES-256-GCM`.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0119 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | security, cryptography |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |
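
The following is an added example, not the scanner's own rule implementation: a standard-library `ast` check that flags the `Cryptodome.Cipher.XOR.new(...)` and `Crypto.Cipher.XOR.new(...)` calls listed under Insecure Code, including calls made through aliased imports. The names `dotted`, `find_xor_calls` and `SAMPLE` are assumptions made for illustration, and the sample source is constructed.

```python
import ast

# Fully qualified constructors this page lists under Insecure Code.
XOR_NEW = {"Crypto.Cipher.XOR.new", "Cryptodome.Cipher.XOR.new"}

def dotted(node, aliases):
    """Resolve a Name/Attribute chain to a dotted path, expanding import aliases."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))

def find_xor_calls(source):
    """Return sorted line numbers of calls that resolve to an XOR cipher constructor."""
    tree = ast.parse(source)
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                # "import a.b as x" binds x to a.b; a plain "import a.b" binds only "a"
                if a.asname:
                    aliases[a.asname] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return sorted(
        node.lineno for node in ast.walk(tree)
        if isinstance(node, ast.Call) and dotted(node.func, aliases) in XOR_NEW
    )

# Constructed sample: four import styles that reach XOR.new, plus one AEAD call.
SAMPLE = '''\
from Crypto.Cipher import XOR
import Cryptodome.Cipher.XOR as legacy
from Cryptodome.Cipher.XOR import new as make_xor
import Crypto.Cipher.XOR
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
a = XOR.new(b"k")
b = legacy.new(b"k")
c = make_xor(b"k")
d = Crypto.Cipher.XOR.new(b"k")
e = ChaCha20Poly1305(b"0" * 32)
'''
if __name__ == "__main__":
    print(find_xor_calls(SAMPLE))
```

The check is flow-insensitive: a cipher module that is reassigned to another variable before the call is not followed.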