Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses `NullCipher`, which does not actually encrypt data: its output is the same as its input, so any sensitive information remains plain text. Data meant to be protected is left unencrypted and exposed.
Impact
If exploited, attackers can easily access confidential data because it is not encrypted, leading to potential data leaks, privacy violations, or regulatory non-compliance. This puts user and business information at significant risk.