Usage of weak encryption algorithm (DES)

Overview

Rule ID: javascript_lang_weak_encryption_des
Applicable Languages: Javascript
Weakness ID: CWE-327

Description

Your code is vulnerable due to the use of DES (Data Encryption Standard), which is a weak encryption algorithm. This vulnerability can result in data breaches and undermine your security measures.

Remediation Guidelines

Avoid using DES, as it is outdated and susceptible to attacks. Its use can considerably compromise your application's security.

Choose stronger encryption algorithms, like AES (Advanced Encryption Standard), to maintain the confidentiality and integrity of your data.

const crypto = require("crypto");

const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
const encrypted = cipher.update("my secret message", "utf8");

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of vulnerable marked package NextUsage of weak encryption algorithm on a password (DES)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration