Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code is using the Blowfish cipher for encryption, which is outdated and has known weaknesses, especially with certain keys. It is recommended to use a more secure algorithm like AES instead.
Impact#
If Blowfish is used, attackers may be able to exploit its weaknesses to decrypt sensitive data or compromise encrypted information. This can lead to exposure of confidential data, violating compliance requirements and potentially harming users and the organization.