Usage of weak encryption algorithm (DES)

Overview

  • Rule ID: javascript_lang_weak_encryption_des

  • Applicable Languages: JavaScript

  • Weakness ID: CWE-327

Description

Your code is vulnerable due to the use of DES (Data Encryption Standard), which is a weak encryption algorithm. This vulnerability can result in data breaches and undermine your security measures.

Remediation Guidelines

  • Avoid using DES, as it is outdated and susceptible to attacks. Its use can considerably compromise your application's security.

  • Choose stronger encryption algorithms, like AES (Advanced Encryption Standard), to maintain the confidentiality and integrity of your data.

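    const crypto = require("crypto");

    // AES-256 needs a 32-byte key; CBC needs a fresh random 16-byte IV per message
    const key = crypto.randomBytes(32);
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
    // final() flushes the last padded block; without it the ciphertext is incomplete
    const encrypted = Buffer.concat([cipher.update("my secret message", "utf8"), cipher.final()]);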
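The guideline above asks for integrity as well as confidentiality, and CBC mode on its own does not detect modified ciphertext. The following added example (not part of the original rule documentation) uses AES-256-GCM so that tampering fails decryption; the function names and the `iv || tag || ciphertext` layout are assumptions of this example.

```javascript
const crypto = require("crypto");

// Encrypt with AES-256-GCM.
// Output layout (this example's assumption): iv (12 bytes) || tag (16 bytes) || ciphertext
function encryptGcm(key, plaintext, aad = Buffer.alloc(0)) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message; never reuse with the same key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad); // authenticated but not encrypted context data
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Decrypt and verify. Throws if the key, AAD, tag or ciphertext do not match.
function decryptGcm(key, packed, aad = Buffer.alloc(0)) {
  if (packed.length < 28) throw new Error("ciphertext too short");
  const iv = packed.subarray(0, 12);
  const tag = packed.subarray(12, 28);
  const ct = packed.subarray(28);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify, so no unauthenticated plaintext is returned
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Flip one bit in a copy of the message and report whether decryption rejects it.
function isTamperDetected(key, packed) {
  const modified = Buffer.from(packed);
  modified[modified.length - 1] ^= 0x01;
  try {
    decryptGcm(key, modified);
    return false;
  } catch {
    return true;
  }
}

const key = crypto.randomBytes(32); // constructed sample key; load real keys from a secret store
const packed = encryptGcm(key, "my secret message");
console.log(decryptGcm(key, packed), isTamperDetected(key, packed));
```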

Configuration

To omit this rule during a scan, and to get continuous 24/7 code-level scanning, you can use our SAST TOOL.
