The application is generating cryptographic keys or key pairs using a short and inadequate length. This application is using the ECB (Electronic Codebook) mode of operation to perform encryption, which is considered semantically insecure. Vulnerable File name :- curl_ntlm_core.c Vulnerable line no. 274 :- err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key, ## Impact If a message with identical blocks is encrypted, an attacker get a certain advantage to have information on plaintext, by only observing CipherText.

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Use of a Broken or Risky Cryptographic Algorithm