Inadequate Encryption Strength
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code uses the Blowfish encryption algorithm with a key size smaller than 128 bits, which is not strong enough to protect sensitive data. Weak keys make the encryption much easier to break.
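The flagged pattern next to a corrected one, as an added example that is not taken from the rule's own documentation. It assumes the key is created with `javax.crypto.KeyGenerator`; the class name, method names and `MIN_KEY_BITS` constant are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class BlowfishKeySize {
    // Threshold stated in the description: Blowfish keys below 128 bits are flagged.
    static final int MIN_KEY_BITS = 128;

    // Flagged pattern: a 64-bit Blowfish key.
    static SecretKey weakKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(64); // CWE-326: key size below 128 bits
        return kg.generateKey();
    }

    // Corrected pattern: refuse any requested size under the threshold.
    static SecretKey generateKey(int bits) throws GeneralSecurityException {
        if (bits < MIN_KEY_BITS) {
            throw new IllegalArgumentException(
                "Blowfish key must be >= " + MIN_KEY_BITS + " bits, got " + bits);
        }
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(bits, new SecureRandom());
        return kg.generateKey();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("weak key bits:   " + weakKey().getEncoded().length * 8);
        SecretKey key = generateKey(128);
        System.out.println("strong key bits: " + key.getEncoded().length * 8);

        // Round trip with the 128-bit key; the plaintext is a constructed sample.
        byte[] iv = new byte[8]; // Blowfish block size is 8 bytes
        new SecureRandom().nextBytes(iv);
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(msg);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        System.out.println("round trip ok:   " + Arrays.equals(msg, c.doFinal(ct)));
    }
}
```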
Impact
Attackers could decrypt or manipulate confidential data by exploiting the weak encryption, leading to data breaches or unauthorized access. This puts sensitive user information and business data at risk, potentially resulting in regulatory violations or loss of trust.