Inadequate Encryption Strength

CVE-2020-4099

Medium

5.9/10

Summary

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-326 - Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

Advisory Timeline

Published Nov 01, 2022

Inadequate Encryption Strength

CVE-2020-4099

Summary

CWE-326 - Inadequate Encryption Strength

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS