261 – Insecure encryption algorithm - DSA

Description

The server where the application is stored supports insecure encryption.

Impact

Decrypt the information transmitted between the client and the server.

Recommendation

Use algorithms considered cryptographically secure.

Threat

Anonymous attacker from intranet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: A
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 148 - Set minimum size of asymmetric encryption
• 150 - Set minimum size for hash functions

Fixes

• Csharp
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/18