Property
Language: php
Severity: low
CWE: CWE-252: Unchecked Return Value
OWASP: A02:2021 - Cryptographic Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

openssl_decrypt returns false when decryption fails. If you use its result without checking for false, your code may mistakenly process a failed decryption as valid data. This can lead to unexpected behavior or errors, especially if the decrypted data is assumed to be correct.

Impact

Failing to handle decryption errors could allow attackers to trigger logic errors, bypass security checks, or cause the application to operate on invalid data. This may result in data corruption, application crashes, or unintended information disclosure.
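
The flagged pattern next to a checked version, as an added example that is not part of the original rule documentation. The cipher (AES-256-GCM), the function names loadProfileUnchecked and loadProfileChecked, and the sample profile are assumptions chosen for the illustration.

```php
<?php
// Added illustration; key, nonce and profile data are constructed for the demo.
const CIPHER = 'aes-256-gcm';

// Pattern the rule flags: the result is used without testing for false.
function loadProfileUnchecked($ct, $key, $iv, $tag)
{
    $json = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    // On failure $json is false, which json_decode() receives as "" and
    // turns into null, so the caller gets an empty profile and no error.
    return json_decode($json, true) ?? [];
}

// Checked version: a failed decryption stops processing.
function loadProfileChecked(string $ct, string $key, string $iv, string $tag): array
{
    $json = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    // Compare with ===: a valid plaintext such as "" or "0" is falsy too.
    if ($json === false) {
        throw new RuntimeException('Decryption failed');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

$key = random_bytes(32);
$iv  = random_bytes(12);
$tag = '';
$ct  = openssl_encrypt('{"user":"alice","roles":["editor"]}', CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);

// Simulate corrupted storage by flipping one bit of the ciphertext.
$corrupt = $ct;
$corrupt[0] = chr(ord($corrupt[0]) ^ 0x01);

// Intact ciphertext: the checked version returns the stored profile.
var_dump(loadProfileChecked($ct, $key, $iv, $tag));

// Corrupted ciphertext: the unchecked version hides the failure from the caller.
var_dump(loadProfileUnchecked($corrupt, $key, $iv, $tag));

// Corrupted ciphertext: the checked version refuses to continue.
try {
    loadProfileChecked($corrupt, $key, $iv, $tag);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```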