Description

The source code uses RSA/ECB/PKCS1Padding and AES/CBC/PKCS5PADDING encryption and other references use CTR or CFB which are considered insecure.

Impact

Decrypt the information encrypted with the algorithm because it has vulnerabilities that make it easily breakable.

Recommendation

Only secure encryption with secure algorithms such as RSA/NONE/OAEPwithSHA-256andMGF1Padding or use implementations with the GCM mode encryption algorithm.

Threat

Attacker with access to the code.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes