mobsf.mobsfscan.weak_ciphers.weak_cipher

MobSF

Author

505

Download Count*

GPLv3

License

Weak encryption algorithm identified. This algorithm is vulnerable to cryptographic attacks.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: weak_cipher
    patterns:
      - pattern-either:
          - pattern: |
              $C.getInstance("=~/des|desede|rc2|rc4|blowfish/i", ...);
          - pattern: |
              $C = new NullCipher();
    message: Weak encryption algorithm identified. This algorithm is vulnerable to
      cryptographic attacks.
    severity: ERROR
    languages:
      - java
    metadata:
      cwe: cwe-327
      owasp-mobile: m5
      masvs: crypto-4
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
      license: LGPL-3.0-or-later

Short Link: https://sg.run/v2db