Usage of weak encryption algorithm (RC4)

Overview

Rule ID: javascript_lang_weak_encryption_rc4
Applicable Languages: Javascript
Weakness ID: CWE-327

Description

Employing the RC4 (Rivest Cipher 4) encryption algorithm presents a major security risk. RC4 is outdated and has been shown to be vulnerable to numerous attacks, rendering any data encrypted with it susceptible to unauthorized access and compromise.

Remediation Guidelines

Avoid using RC4 for data encryption, as its vulnerabilities can undermine data security.

Choose more robust encryption algorithms, such as AES-256, for encrypting data. This provides a higher level of security for your data.

const crypto = require("crypto");

const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
const encrypted = cipher.update("my secret message", "utf8");

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of weak encryption algorithm on a password (RC4)NextUsage of weak hashing library (MD5)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration