rspec/rules/S5542/impact.adoc

=== What is the potential impact?

The cleartext of an encrypted message might be recoverable. Additionally, it
might be possible to modify the cleartext of an encrypted message.

Below are some real-world scenarios that illustrate possible impacts of an attacker
exploiting the vulnerability.

==== Theft of sensitive data

The encrypted message might contain data that is considered sensitive and should
not be known to third parties.

By using a weak algorithm the likelihood that an attacker might be able to
recover the cleartext drastically increases.

==== Additional attack surface

By modifying the cleartext of the encrypted message it might be possible for an
attacker to trigger other vulnerabilities in the code. Encrypted values are
often considered trusted, since under normal circumstances it would not be
possible for a third party to modify them.
Modify S5542: Learn-As-You-Code migration (#2011) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 10:27:53 +02:00			`=== What is the potential impact?`

			`The cleartext of an encrypted message might be recoverable. Additionally, it`
			`might be possible to modify the cleartext of an encrypted message.`

			`Below are some real-world scenarios that illustrate possible impacts of an attacker`
			`exploiting the vulnerability.`

			`==== Theft of sensitive data`

			`The encrypted message might contain data that is considered sensitive and should`
			`not be known to third parties.`

			`By using a weak algorithm the likelihood that an attacker might be able to`
			`recover the cleartext drastically increases.`

			`==== Additional attack surface`

			`By modifying the cleartext of the encrypted message it might be possible for an`
			`attacker to trigger other vulnerabilities in the code. Encrypted values are`
			`often considered trusted, since under normal circumstances it would not be`
			`possible for a third party to modify them.`