Insecure encryption algorithm | Fluid Attacks Database

Database

Description

The application uses insecure encryption algorithms.

Impact

- Reverse the ciphertext and collect sensible information. - Tamper protected data by exploiting algorithm collisions.

Recommendation

Use algorithms considered cryptographically secure.

Threat

Anonymous attacker from adjacent network.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

127 - Store hashed passwords 148 - Set minimum size of asymmetric encryption 149 - Set minimum size of symmetric encryption 150 - Set minimum size for hash functions 181 - Transmit data using secure protocols 336 - Disable insecure TLS versions

Fixes

Csharp Dart Go Java Php Python Ruby Scala Swift Typescript