Skip to content

[Java] CWE-326: Query to detect weak encryption with an insufficient key size #229

New issue
New issue
Closed
Closed
[Java] CWE-326: Query to detect weak encryption with an insufficient key size#229
Labels
All For OneSubmissions to the All for One, One for All bounty
@luchua-bc

Description

@luchua-bc
luchua-bc
opened on Jan 7, 2021

CVE ID(s)

List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.

Report

Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.

Strength of cryptographic algorithms depends on a sufficient key size to be robust against brute-force attacks. A theoretically sound encryption scheme with an insufficient key size can still be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

This type of issues is categorized as CWE-326: Inadequate Encryption Strength.

The relevant query finds uses of strong encryption algorithms (AES, DSA, RSA, and EC) with too small a key size.

Relevant PR - #4926

  • Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Result(s)

Provide at least one useful result found by your query, on some revision of a real project.

Metadata

Metadata

Assignees

No one assigned

    Labels

    All For OneSubmissions to the All for One, One for All bounty

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions