Insecure Cryptographic Key


Description

The application is vulnerable because of an insecure cryptographic key. The key has been created or stored insecurely, making it vulnerable to attack. An attacker who gains access to the key can perform the same cryptographic functions as the application or server, potentially exposing sensitive data or operations.

Impact

An attacker who gains access to the cryptographic keys could perform the same encryption, decryption, or signing operations as the application or server. If the attacker can perform a decryption operation, they may be able to access sensitive data within the application. An attacker who can perform signing operations may be able to perform unauthorized operations or use this ability to attack other users. The impact of an exposed key may depend on whether the attacker has knowledge of the cryptographic routines, but this information can be ascertained depending on how the cryptography is used with the application.
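The two failure modes named in the description, a key created insecurely and a key stored insecurely, can both be checked on a raw key file. The following is an added example, not part of the original finding; the function names, the 32-byte minimum, the placeholder list and the POSIX file-mode check are assumptions chosen for illustration.

```python
import os
import secrets
import stat

MIN_KEY_BYTES = 32  # assumption: 256-bit symmetric key
# Constructed sample of placeholder values; extend it for your own codebase.
PLACEHOLDER_KEYS = {b"changeme", b"secret", b"password"}


def create_key_file(path, nbytes=MIN_KEY_BYTES):
    """Create a key from the OS CSPRNG in a file only the owner can access."""
    key = secrets.token_bytes(nbytes)
    # O_EXCL refuses to overwrite an existing key; 0o600 = owner read/write.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return key


def audit_key_file(path):
    """Return a list of findings for a raw key file; an empty list means none."""
    findings = []

    # Storage: any group/other permission bit exposes the key to other accounts.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"stored insecurely: mode {mode:o} allows group/other access")

    with open(path, "rb") as f:
        key = f.read()

    # Creation: placeholder values, short keys and repetitive keys are guessable.
    if key.strip() in PLACEHOLDER_KEYS:
        findings.append("created insecurely: key is a known placeholder value")
    if len(key) < MIN_KEY_BYTES:
        findings.append(f"created insecurely: {len(key)} bytes, need {MIN_KEY_BYTES}")
    elif len(set(key)) < 16:
        # Heuristic only: CSPRNG output of this length has many distinct bytes.
        findings.append("created insecurely: too few distinct byte values")
    return findings
```

A key that passes these checks can still be exposed in other ways, such as being committed to source control or written to logs.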

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
