mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
19 lines
756 B
Markdown
19 lines
756 B
Markdown
# Weak Cryptography
|
|
|
|
## Description
|
|
Weak cryptography vulnerabilities occur when applications use outdated, weak, or improperly implemented cryptographic algorithms and protocols. This can lead to data exposure, man-in-the-middle attacks, and other security breaches.
|
|
|
|
## Common Issues
|
|
- Use of weak hashing algorithms (MD5, SHA1)
|
|
- Weak encryption algorithms (DES, RC4)
|
|
- Hardcoded cryptographic keys
|
|
- Insufficient key lengths
|
|
- Improper SSL/TLS configuration
|
|
- Predictable random number generation
|
|
|
|
## Testing Approach
|
|
Identify cryptographic implementations and test for weak algorithms, hardcoded secrets, and improper configurations.
|
|
|
|
## Payloads
|
|
See `weak-crypto-payloads.txt` for a comprehensive list of weak cryptography indicators and test cases.
|