Inadequate Encryption Strength
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code generates RSA keys smaller than 2048 bits. Keys of this size do not meet current security standards and can be easily broken by attackers, so they undermine the effectiveness of the encryption.
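One way to express this check, as an added example that is not this rule's own implementation: a Python `ast` pass that flags RSA key generation with a literal size below 2048 bits. The page does not name a language, so Python, the two library calls covered (`rsa.generate_private_key` from `cryptography`, `RSA.generate` from PyCryptodome) and the sample source are assumptions made for illustration.

```python
import ast

MIN_RSA_BITS = 2048  # threshold stated in the rule description

# Constructed sample source (analysed as text, never executed).
SAMPLE = '''
from cryptography.hazmat.primitives.asymmetric import rsa
from Crypto.PublicKey import RSA

weak_a = rsa.generate_private_key(public_exponent=65537, key_size=1024)
ok_a = rsa.generate_private_key(public_exponent=65537, key_size=3072)
weak_b = RSA.generate(1024)
ok_b = RSA.generate(2048)
weak_c = rsa.generate_private_key(65537, 1024)
'''

# Call name -> (keyword, positional index) of its key-size argument.
KEYGEN_CALLS = {
    "rsa.generate_private_key": ("key_size", 1),  # cryptography
    "RSA.generate": ("bits", 0),                  # PyCryptodome
}

def _key_size_arg(call):
    """Return the AST node holding the key size, or None if not a known call."""
    name = ast.unparse(call.func)  # e.g. "rsa.generate_private_key"
    for known, (kw, pos) in KEYGEN_CALLS.items():
        if name == known or name.endswith("." + known):
            by_kw = [k.value for k in call.keywords if k.arg == kw]
            if by_kw:
                return by_kw[0]
            return call.args[pos] if len(call.args) > pos else None
    return None

def find_weak_rsa_keys(source, min_bits=MIN_RSA_BITS):
    """Return sorted [(line, call, bits)] for RSA keys generated below min_bits."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        arg = _key_size_arg(node)
        # Only literal integer sizes are judged; computed sizes are skipped.
        if isinstance(arg, ast.Constant) and isinstance(arg.value, int) \
                and arg.value < min_bits:
            findings.append((node.lineno, ast.unparse(node.func), arg.value))
    return sorted(findings)

if __name__ == "__main__":
    for line, call, bits in find_weak_rsa_keys(SAMPLE):
        print(f"line {line}: {call} generates a {bits}-bit RSA key")
```

Key sizes passed as variables or computed at run time are not resolved by this sketch and need data-flow analysis or a runtime check on the generated key.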
Impact
Attackers could decrypt sensitive data, impersonate users, or tamper with protected information by exploiting the weak RSA keys. This exposes the application and its users to data breaches and loss of confidentiality, putting compliance and trust at risk.