Usage of weak encryption algorithm (DES)

Overview

Rule ID: java_lang_weak_encryption_des
Applicable Languages: Java
Weakness ID: CWE-327

Description

Exception messages that expose sensitive information can be a critical security vulnerability. When exception details are printed directly to the default output, they might reveal crucial information about the application’s configuration or environment, such as file paths, server details, or database configurations. This not only aids attackers in identifying potential entry points but also risks exposing user-specific data, leading to privacy violations.

Remediation Guidelines

Avoid using DES, as it is outdated and vulnerable to attacks, significantly compromising your application's security.
Instead, opt for stronger encryption algorithms like AES (Advanced Encryption Standard) to enhance data security.
```
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of vulnerable Apache Commons Collections InvokeTransformer class NextUsage of Weak Hashing Library on a Password (SHA-1)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration