Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The DNSSEC configuration for Google Cloud DNS is set to use the RSASHA1 algorithm for signing keys, which is considered outdated and insecure. RSASHA1 is vulnerable to cryptographic attacks and should not be used for zone-signing or key-signing keys.
Impact#
Using RSASHA1 allows attackers to potentially forge DNS records or tamper with DNS responses, putting your domains at risk of spoofing and compromising the integrity and confidentiality of your DNS data. This increases the likelihood of phishing, man-in-the-middle attacks, and unauthorized access to sensitive resources.