Usage of weak encryption algorithm (DES)

Overview

• Rule ID: java_lang_weak_encryption_des

• Applicable Languages: Java

• Weakness ID: CWE-327

Description

Exception messages that expose sensitive information can be a critical security vulnerability. When exception details are printed directly to the default output, they might reveal crucial information about the application’s configuration or environment, such as file paths, server details, or database configurations. This not only aids attackers in identifying potential entry points but also risks exposing user-specific data, leading to privacy violations.

Remediation Guidelines

• Avoid using DES, as it is outdated and vulnerable to attacks, significantly compromising your application's security.

• Instead, opt for stronger encryption algorithms like AES (Advanced Encryption Standard) to enhance data security.

  Copy

  Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");

References

• Java Cipher class

• CWE-327: Use of a Broken or Risky Cryptographic Algorithm

• OWASP Top 10: A02:2021 - Cryptographic Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL