Vulnerability: App is Encoding Sensitive Information Using Outdated or Insecure Cryptography #439
Assignees
Labels
bug
Something isn't working
Comments
|
Thank you @aryanamex for bring this to our attention. We have added this to our backlog. I will keep you updated on our progress. |
Merged
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerability: App is Encoding Sensitive Information Using Outdated or Insecure Cryptography
Description
The application was found to operate weak cryptographic algorithms on sensitive data while exercising the app. These outdated algorithms are often in violation of common compliance standards and can be vulnerable to publicly-disclosed and non-public attacks. The sensitive data being encoded with the weak algorithm is also at a greater risk of being exposed due to the often trivial effort to decode the data.
Inspect the app's source code to identify instances of cryptographic algorithms that are known to be weak, such as:
• DES, 3DES
• RC2
• RC4
• BLOWFISH
• MD4
• MD5
• SHA1
The text was updated successfully, but these errors were encountered: