9e9c990658
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
23 lines
865 B
Plaintext
23 lines
865 B
Plaintext
=== What is the potential impact?
|
|
|
|
The cleartext of an encrypted message might be recoverable. Additionally, it
|
|
might be possible to modify the cleartext of an encrypted message.
|
|
|
|
Below are some real-world scenarios that illustrate possible impacts of an attacker
|
|
exploiting the vulnerability.
|
|
|
|
==== Theft of sensitive data
|
|
|
|
The encrypted message might contain data that is considered sensitive and should
|
|
not be known to third parties.
|
|
|
|
By using a weak algorithm the likelihood that an attacker might be able to
|
|
recover the cleartext drastically increases.
|
|
|
|
==== Additional attack surface
|
|
|
|
By modifying the cleartext of the encrypted message it might be possible for an
|
|
attacker to trigger other vulnerabilities in the code. Encrypted values are
|
|
often considered trusted, since under normal circumstances it would not be
|
|
possible for a third party to modify them.
|