Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is generating RSA keys with a size less than 2048 bits, which is below current security standards. Keys of this size are considered weak and can be vulnerable to modern attacks.
Impact#
Using insufficiently sized RSA keys makes it easier for attackers to break the encryption, potentially exposing sensitive data or allowing unauthorized access. This could compromise confidential information and undermine the security of your application or users.