DerScanner
Home / Vulnerability Database / Python : Insecure stream encryption
Python

Python : Insecure stream encryption

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V8: 8.13.(L1+R/L2+R)
OWASP ASVS
Stored Cryptography
PCI DSS 4.0
3.6.16.2.48.3.2
HIPAA
§164.312 (a)(2)(iv)
CWE
CWE-1032

Overview

Stream cipher is used. This protection may not be sufficient when encrypting data will be stored on the disk, or if the key is used more than once.

Stream ciphers are vulnerable to “key reuse” attack (the “two-time pad” attack). This means that if the same key is used more than once, an attacker can get an open XOR text, by applying the XOR operation to two different encrypted texts. This will allow to get back the original text.

Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.

References

  1. Disk encryption theory
  2. CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  5. Bleichenbacher’s attack
CRITICAL

DerScanner Severity Score

Do you want to fix Python : Insecure stream encryption in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding