Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The code generates or uses RSA keys that are smaller than 2048 bits, which does not meet current security standards. Such weak keys can be broken more easily by attackers, compromising the encryption.
Impact#
Using RSA keys smaller than 2048 bits makes it feasible for attackers to decrypt sensitive data or impersonate users by breaking the encryption. This can lead to data breaches, loss of confidentiality, and exposure of sensitive information.