rspec/rules/S4426/impact.adoc

=== What is the potential impact?
After retrieving encrypted data and performing cryptographic attacks on it on a
given timeframe, attackers can recover the plaintext that encryption was
supposed to protect.

Depending on the recovered data, the impact may vary.

Below are some real-world scenarios that illustrate the potential impact of an
attacker exploiting the vulnerability.

==== Additional attack surface
By modifying the plaintext of the encrypted message, an attacker may be able to
trigger additional vulnerabilities in the code. An attacker can further exploit
a system to obtain more information. +
Encrypted values are often considered trustworthy because it would not be
possible for a third party to modify them under normal circumstances.

==== Breach of confidentiality and privacy
When encrypted data contains personal or sensitive information, its retrieval
by an attacker can lead to privacy violations, identity theft, financial loss,
reputational damage, or unauthorized access to confidential systems.

In this scenario, the company, its employees, users, and partners could be
seriously affected.

The impact is twofold, as data breaches and exposure of encrypted data can
undermine trust in the organization, as customers, clients and stakeholders may
lose confidence in the organization's ability to protect their sensitive data.

==== Legal and compliance issues
In many industries and locations, there are legal and compliance requirements
to protect sensitive data. If encrypted data is compromised and the plaintext
can be recovered, companies face legal consequences, penalties, or violations
of privacy laws.
Modify S4426: Learn-As-You-Code Migration (#2166) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 12:08:25 +02:00			`=== What is the potential impact?`
			`After retrieving encrypted data and performing cryptographic attacks on it on a`
			`given timeframe, attackers can recover the plaintext that encryption was`
			`supposed to protect.`

			`Depending on the recovered data, the impact may vary.`

			`Below are some real-world scenarios that illustrate the potential impact of an`
			`attacker exploiting the vulnerability.`

			`==== Additional attack surface`
			`By modifying the plaintext of the encrypted message, an attacker may be able to`
			`trigger additional vulnerabilities in the code. An attacker can further exploit`
			`a system to obtain more information. +`
			`Encrypted values are often considered trustworthy because it would not be`
			`possible for a third party to modify them under normal circumstances.`

			`==== Breach of confidentiality and privacy`
			`When encrypted data contains personal or sensitive information, its retrieval`
			`by an attacker can lead to privacy violations, identity theft, financial loss,`
			`reputational damage, or unauthorized access to confidential systems.`

			`In this scenario, the company, its employees, users, and partners could be`
			`seriously affected.`

			`The impact is twofold, as data breaches and exposure of encrypted data can`
			`undermine trust in the organization, as customers, clients and stakeholders may`
			`lose confidence in the organization's ability to protect their sensitive data.`

			`==== Legal and compliance issues`
			`In many industries and locations, there are legal and compliance requirements`
			`to protect sensitive data. If encrypted data is compromised and the plaintext`
			`can be recovered, companies face legal consequences, penalties, or violations`
			`of privacy laws.`