Inadequate Encryption Strength
Description
Hazelcast network communications are configured to use a symmetric cipher, which does not provide integrity or secure authentication. Asymmetric encryption is preferred.
Examples
Insecure Code
```scala
new com.hazelcast.config.SymmetricEncryptionConfig()
```
Secure Code
```scala
new com.hazelcast.config.AsymmetricEncryptionConfig()
```
Remediation
Use asymmetric encryption for Hazelcast network communications.
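One way to check Scala sources for the constructor this rule flags, as an added example (not the rule's own implementation and not Hazelcast code). The function name `find_symmetric_config` and both sample sources are constructed for illustration; this is a heuristic text scan, not a Scala parser, and it does not follow renamed imports.

```python
import re

# Class flagged by this rule, as named on the page.
FQCN = "com.hazelcast.config.SymmetricEncryptionConfig"
PACKAGE, SIMPLE = FQCN.rsplit(".", 1)

# String literals and comments are blanked first so that text inside them
# is never reported; newlines are kept so line numbers stay correct.
_NOISE = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

# Imports that bring the simple class name into scope: direct, wildcard
# (`_` in Scala 2, `*` in Scala 3) or a `{A, B}` selector list.
_IMPORT = re.compile(
    rf"\bimport\s+{re.escape(PACKAGE)}\."
    rf"(?:_|\*|{SIMPLE}\b|\{{[^}}]*\b{SIMPLE}\b[^}}]*\}})"
)


def find_symmetric_config(src):
    """Return sorted 1-based line numbers that instantiate the flagged class."""
    code = _NOISE.sub(lambda m: " " + "\n" * m.group().count("\n"), src)
    names = [re.escape(FQCN)]
    if _IMPORT.search(code):
        names.append(SIMPLE)  # the bare name only counts when it is imported
    new_expr = re.compile(r"\bnew\s+(?:" + "|".join(names) + r")\b")
    return sorted({code.count("\n", 0, m.start()) + 1
                   for m in new_expr.finditer(code)})


# Constructed Scala sources, not taken from any real project.
SAMPLE_FLAGGED = '''\
package demo
import com.hazelcast.config.{Config, SymmetricEncryptionConfig}

object Cluster {
  // new SymmetricEncryptionConfig() in a comment is ignored
  val url = "http://example.invalid" // string containing slashes
  val enc = new SymmetricEncryptionConfig()
  val enc2 = new com.hazelcast.config.SymmetricEncryptionConfig()
}
'''

SAMPLE_CLEAN = '''\
import com.hazelcast.config.Config
object Other {
  val s = "new com.hazelcast.config.SymmetricEncryptionConfig()"
  /* new com.hazelcast.config.SymmetricEncryptionConfig()
     still inside a block comment */
  val cfg = new Config()
}
'''
```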
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0025 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | inadequate encryption, symmetric cipher |
| OWASP | N/A |