
Broken Cryptography


The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. An attacker may be able to break the algorithm and compromise whatever data has been protected, which may result in the exposure of sensitive information.

1. Do not develop custom or private cryptographic algorithms.

2. Ensure that you use a strong, modern cryptographic algorithm.

Use at least AES-128 or RSA-2048. For more information, refer to: http://wiki.scap.org.cn/cwe/en/definition/327

Example:

    $sha1Sum = sha1($contents);

    $cacheKey = sha1($routePath . $this->serializer->serialize($cachedParams));

    if (!isset($this->cacheUrl[$cacheKey])) {
        $this->cacheUrl[$cacheKey] = $this->getUrlModifier()->execute(
            $this->createUrl($routePath, $routeParams)
        );
    }

In the file vendor\magento\framework\Url.php (line 870), SHA1 is used. We can use a modern crypto algorithm.

CWE Code: CWE-327
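
Added example, not part of the original post and not Magento code: the SHA-1 cache key from the snippet above beside a SHA-256 version restricted to an allowlist of algorithms. It goes slightly beyond the post by length-prefixing each field before hashing; the names `legacyCacheKey`, `cacheKey`, `STRONG_ALGOS` and the sample route and parameters are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; sample inputs below are constructed.
const STRONG_ALGOS = ['sha256', 'sha384', 'sha512'];

/** The pattern flagged in the post: SHA-1 over path . serialized params. */
function legacyCacheKey(string $routePath, string $serializedParams): string
{
    return sha1($routePath . $serializedParams);
}

/**
 * Replacement using a SHA-2 digest. Weak algorithms (md5, sha1) are rejected
 * by the allowlist, and each field is length-prefixed so that two different
 * (path, params) pairs never produce the same hash input.
 */
function cacheKey(string $routePath, string $serializedParams, string $algo = 'sha256'): string
{
    if (!in_array($algo, STRONG_ALGOS, true) || !in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Hash algorithm not allowed: $algo");
    }
    $ctx = hash_init($algo);
    foreach ([$routePath, $serializedParams] as $field) {
        hash_update($ctx, pack('J', strlen($field))); // 64-bit big-endian length
        hash_update($ctx, $field);
    }
    return hash_final($ctx);
}

// Constructed sample input standing in for the serialized route parameters.
$params = json_encode(['_secure' => true, 'id' => 42]);
$old = legacyCacheKey('catalog/product/view', $params);
$new = cacheKey('catalog/product/view', $params);
printf("sha1   key, %d hex chars: %s\n", strlen($old), $old);
printf("sha256 key, %d hex chars: %s\n", strlen($new), $new);

// Both legacy calls hash the same joined string "abc"; the length-prefixed
// version hashes distinct inputs for the two pairs.
var_dump(legacyCacheKey('ab', 'c') === legacyCacheKey('a', 'bc'));
var_dump(cacheKey('ab', 'c') === cacheKey('a', 'bc'));

// A request for a weak algorithm is refused rather than silently honoured.
try {
    cacheKey('catalog/product/view', $params, 'sha1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The SHA-256 key is 64 hex characters instead of 40, so any store or column sized for SHA-1 keys needs to accommodate the longer value.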