Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code is generating RSA keys with a size smaller than 3072 bits, which is below current security standards. This makes the encryption easier to break using modern computing power.
Impact#
Using weak RSA keys can allow attackers to decrypt sensitive data, impersonate users, or bypass authentication. This exposes confidential information and could lead to data breaches or loss of trust in your application.