b0968585b4
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
16 lines
944 B
Plaintext
16 lines
944 B
Plaintext
=== What is the potential impact?
|
|
|
|
If the encryption that is being used is flawed, attackers might be able to exploit it in several ways. They might be able to decrypt existing sensitive data or bypass key protections.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
|
|
|
|
==== Theft of sensitive data
|
|
|
|
The encrypted message might contain data that is considered sensitive and should not be known to third parties.
|
|
|
|
By not using the encryption algorithm correctly, the likelihood that an attacker might be able to recover the original sensitive data drastically increases.
|
|
|
|
==== Additional attack surface
|
|
|
|
Encrypted values are often considered trusted, since under normal circumstances it would not be possible for a third party to modify them. If an attacker is able to modify the cleartext of the encrypted message, it might be possible to trigger other vulnerabilities in the code.
|