Use of a Broken or Risky Cryptographic Algorithm
Description
The NullCipher implements the Cipher interface by returning ciphertext identical to the supplied plaintext. In a few contexts, such as testing, a NullCipher may be appropriate. Outside such contexts, avoid using the NullCipher: its accidental use can introduce a significant confidentiality risk.
Examples
Insecure Code
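```scala
val cipher = new javax.crypto.NullCipher()
```
Secure Code
```scala
import javax.crypto.Cipher
val cipher = Cipher.getInstance("AES/GCM/NoPadding") // a bare "AES" resolves to ECB mode in the default JDK provider
```
Remediation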
Use a secure cryptographic algorithm instead of NullCipher.
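The difference in behaviour, as an added example that is not part of this rule's own documentation: NullCipher hands the plaintext back unchanged, while AES-GCM with a fresh nonce does not. `NullCipherDemo`, `requireRealCipher`, `encrypt` and `decrypt` are hypothetical names, and the sample plaintext is constructed.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.SecureRandom
import javax.crypto.{Cipher, KeyGenerator, NullCipher, SecretKey}
import javax.crypto.spec.GCMParameterSpec
import scala.util.Try

object NullCipherDemo {
  private val random = new SecureRandom()

  // Hypothetical guard for code that receives a Cipher from a caller or from config.
  def requireRealCipher(c: Cipher): Cipher = {
    require(!c.isInstanceOf[NullCipher], "NullCipher performs no encryption")
    c
  }

  // AES-GCM with a fresh 96-bit nonce per message, prepended to the output.
  def encrypt(key: SecretKey, plaintext: Array[Byte]): Array[Byte] = {
    val nonce = new Array[Byte](12)
    random.nextBytes(nonce)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce))
    nonce ++ cipher.doFinal(plaintext)
  }

  // Splits off the nonce, then decrypts and verifies the 128-bit authentication tag.
  def decrypt(key: SecretKey, message: Array[Byte]): Array[Byte] = {
    val (nonce, body) = message.splitAt(12)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce))
    cipher.doFinal(body)
  }

  def main(args: Array[String]): Unit = {
    val plaintext = "constructed sample: account=12345".getBytes(UTF_8)

    // Identity transform: the "ciphertext" is the plaintext.
    val nullOut = new NullCipher().doFinal(plaintext)
    println(s"NullCipher output equals plaintext: ${nullOut.sameElements(plaintext)}")
    println(s"Guard rejects NullCipher: ${Try(requireRealCipher(new NullCipher())).isFailure}")

    val keyGen = KeyGenerator.getInstance("AES")
    keyGen.init(256)
    val key = keyGen.generateKey()
    val message = encrypt(key, plaintext)
    println(s"AES-GCM output contains plaintext: ${message.toSeq.containsSlice(plaintext.toSeq)}")
    println(s"Round trip recovers plaintext: ${decrypt(key, message).sameElements(plaintext)}")
  }
}
```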
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0027 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | cryptography, confidentiality |
| OWASP | N/A |