Use of deprecated pycrypto package
Description
The application is importing the pycrypto package, which has been deprecated due to security vulnerabilities. Consider using the cryptography package instead.
Examples
Insecure Code
```python
import Crypto.Cipher
```
Secure Code
```python
from cryptography.fernet import Fernet
```
Remediation
Replace pycrypto imports with imports from the cryptography package.
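To locate every import that needs replacing, the following added example (not the rule's own implementation) walks a file's syntax tree and reports imports of the top-level `Crypto` package. The function names and the sample source are assumptions made for illustration. Because pycryptodome installs under the same `Crypto` namespace, it also checks which distribution is actually installed.

```python
import ast
from importlib import metadata

# Constructed sample source, for illustration only.
SAMPLE = '''\
import os
import Crypto.Cipher
from Crypto.Cipher import AES as _AES
from cryptography.fernet import Fernet
import Cryptodome.Hash
def f():
    from Crypto import Random
'''


def find_crypto_imports(source, filename="<string>"):
    """Return sorted (line, statement) pairs for imports of the top-level
    `Crypto` package, including imports nested inside functions."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]
        else:
            continue
        for name in names:
            # Match the exact top-level name so `cryptography` and
            # `Cryptodome` are not flagged.
            if name.split(".")[0] == "Crypto":
                findings.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(findings)


def installed_crypto_providers(candidates=("pycrypto", "pycryptodome")):
    """Map each installed distribution that ships the `Crypto` namespace to
    its version. pycryptodome reuses that namespace, so the import alone
    does not tell which package is in use."""
    found = {}
    for dist in candidates:
        try:
            found[dist] = metadata.version(dist)
        except metadata.PackageNotFoundError:
            pass
    return found


if __name__ == "__main__":
    for line, stmt in find_crypto_imports(SAMPLE):
        print(f"line {line}: {stmt}")
    print("installed providers:", installed_crypto_providers())
```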
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0134 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-1104 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | deprecated package, security vulnerability |
| OWASP | A9:2017-Using Components with Known Vulnerabilities, A02:2021-Cryptographic Failures |