StringBuffer sb = new StringBuffer();
HttpClient hc = HttpClient.newBuilder().build();
HttpRequest offerReq = HttpRequest.newBuilder(offerAPI).GET().build();
Cipher ci = Cipher.getInstance("DES/ECB/PKCS5Padding"); // flagged: DES in ECB mode

HttpResponse<String> offerResp = hc.send(offerReq, HttpResponse.BodyHandlers.ofString());
This code was found to be using an insecure encryption algorithm. DES has a 56-bit key, which is within reach of brute force on commodity hardware, and ECB mode leaks plaintext structure because identical blocks encrypt to identical ciphertext. Either weakness could allow malicious actors to break the application's encryption, leading to data breaches or even hijacking of infrastructure.
A number of encryption algorithms exist which are still widely supported by the JCE but are deprecated because they no longer provide adequate security. For example, the following usage is insecure and is not recommended:
// Insecure: 56-bit DES key, ECB mode (no IV, identical blocks produce identical ciphertext), no integrity protection
Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, k); // ECB takes no IV; passing one throws InvalidAlgorithmParameterException
byte[] cipherText = c.doFinal(plainText);
Make sure to use modern, currently accepted encryption algorithms for all security-sensitive operations. AES in GCM mode provides both confidentiality and integrity (an authenticated encryption mode), provided the nonce is never reused with the same key:
// Secure: AES key (128 or 256 bits) with GCM; iv is a fresh, random 12-byte nonce and the tag is 128 bits
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv)); // SunJCE requires a GCMParameterSpec, not a bare IV
byte[] cipherText = c.doFinal(plainText); // output is ciphertext followed by the authentication tag
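A complete AES/GCM round trip, added here as an illustration (it is not the scanned application's code nor a sample from the scanning tool), showing what the `k` and `iv` arguments in the snippet above need to be: a `SecretKey` from a CSPRNG-backed `KeyGenerator`, and a fresh 12-byte nonce wrapped in a `GCMParameterSpec` with a 128-bit tag. The nonce is stored alongside the ciphertext, and any modification is detected at decryption via `AEADBadTagException`; the class name, the `"offer-api-v1"` AAD string and the sample payload are constructed for this example.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AesGcmExample {
    private static final int NONCE_BYTES = 12; // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;   // authentication tag length
    // Returns nonce || ciphertext || tag. The nonce is not secret, but must never repeat under one key.
    static byte[] encrypt(SecretKey key, byte[] plainText, byte[] aad) throws Exception {
        byte[] nonce = new byte[NONCE_BYTES];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad);                 // authenticated but not encrypted
        byte[] ct = c.doFinal(plainText); // doFinal appends the tag to the ciphertext
        return ByteBuffer.allocate(NONCE_BYTES + ct.length).put(nonce).put(ct).array();
    }
    // Splits off the nonce and decrypts; a wrong key, wrong AAD or any modified byte throws AEADBadTagException.
    static byte[] decrypt(SecretKey key, byte[] blob, byte[] aad) throws Exception {
        ByteBuffer bb = ByteBuffer.wrap(blob);
        byte[] nonce = new byte[NONCE_BYTES];
        bb.get(nonce);
        byte[] ct = new byte[bb.remaining()];
        bb.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad);
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey k = kg.generateKey();
        byte[] aad = "offer-api-v1".getBytes("UTF-8"); // constructed sample context string
        byte[] blob = encrypt(k, "sample offer payload".getBytes("UTF-8"), aad);
        System.out.println(new String(decrypt(k, blob, aad), "UTF-8"));
        blob[blob.length - 1] ^= 0x01; // flip one bit of the tag
        try {
            decrypt(k, blob, aad);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```

Because the key comes from `KeyGenerator` here, a real application would instead load it from a key store or KMS; the point is that the key and nonce are never hard-coded, and the nonce changes on every call.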