Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses the ARC4 (RC4) cipher algorithm, which is outdated and no longer secure. ARC4 has well-known weaknesses that make encrypted data easy to break.
Impact#
Attackers can exploit ARC4’s vulnerabilities to decrypt sensitive information, such as passwords or confidential data, potentially leading to data breaches and loss of user trust. Continued use may put the application’s data and users at significant risk.