Insecure encryption algorithm - DSA
Description
The server where the application is stored supports insecure encryption.
Impact
Decrypt the information transmitted between the client and the server.
Recommendation
Use algorithms considered cryptographically secure.
Threat
Anonymous attacker from intranet.
Expected Remediation Time
⌚ 30 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: A
- Attack complexity: H
- Privileges required: N
- User interaction: R
- Scope: U
- Confidentiality: L
- Integrity: N
- Availability: N
Temporal
- Exploit code madurity: P
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X
- Score:
- Base: 2.6
- Temporal: 2.5
- Severity:
- Base: Low
- Temporal: Low
Code Examples
Compliant code
The server uses a secure encryption algorithm
http {
server {
index: "index.html";
listen: "localhost:4446 ssl";
server_name: "localhost";
ssl_prefer_server_ciphers: "on";
ssl_ciphers: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"";
ssl_certificate: "cert.crt";
ssl_certificate_key: "cert.key";
}
}
Non compliant code
The server uses the insecure DSA cipher algorithm
http {
server {
index: "index.html";
listen: "localhost:4446 ssl";
server_name: "localhost";
ssl_prefer_server_ciphers: "on";
ssl_ciphers: "ECDH_ECDSA_WITH_AES_256_CBC_SHA";
ssl_certificate: "cert.crt";
ssl_certificate_key: "cert.key";
ssl_protocols: "SSLv3 TLSv1 TLSv1.1";
}
}