Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The code is generating RSA keys with a key length less than 2048 bits, which is considered too weak for secure encryption. Using short RSA keys makes it easier for attackers to break the encryption and access protected data.
Impact#
If weak RSA keys are used, attackers could potentially decrypt sensitive data, impersonate users, or compromise secure communications. This can lead to data breaches, loss of confidentiality, and exposure of private information within your application or organization.