Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Using encryption with insufficient key lengths or deprecated algorithms provides a false sense of security. Attackers with sufficient resources can break weak encryption.
普遍性
中
覆盖 1 种语言
影响
高
2 条严重级别为高的规则
预防
已记录
2 个修复示例
2 预防
2 预防
如何修复此漏洞
Python
查看全部 Python 详情 →
JWT Signed with Weak Secret
HIGH
Use strong secrets from environment variables for JWT signing, never hardcode
import jwt - - def create_token(user_id): - return jwt.encode({'user_id': user_id}, 'secret', algorithm='HS256') + import os + + SECRET_KEY = os.environ['JWT_SECRET_KEY'] + + def create_token(user_id): + return jwt.encode({'user_id': user_id}, SECRET_KEY, algorithm='HS256')
Weak Cryptographic Key Generation
HIGH
Use RSA 2048+ bits or AES-256 with cryptographically secure key generation
from Crypto.PublicKey import RSA - key = RSA.generate(1024) + key = RSA.generate(2048)
3 检测
3 检测
查找代码中的漏洞
使用Shoulder扫描代码中的Inadequate Encryption Strength模式。 2 规则.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=326 # Or scan entire project npx @shoulderdev/cli trust .
检测规则 (2)
🐍
Python
2 rules
JWT Signed with Weak Secret
HIGH
Detects JWT tokens signed with weak, hardcoded, or default secret keys that can be brute-forced.
Weak Cryptographic Key Generation
HIGH
Detects weak cryptographic key generation: insufficient key sizes, predictable
keys, or using weak algorithms. Cryptographic keys must be sufficiently long
and generated with secure random sources.
4 警告信号
4 警告信号
代码审查中需要关注的内容
这些模式表明潜在的Inadequate Encryption Strength漏洞。在代码审查和安全审计中注意查找。
JWT tokens signed with weak, hardcoded, or default secret keys that can be brute-forced
python-jwt-weak-secret
weak cryptographic key generation: insufficient key sizes, predictable
keys, or using weak algorithm
python-weak-key-generation