How to fix Veracode Cryptographic Risk (CWE-327)


I’m trying to use the AES algorithm to mitigate the CWE-327 finding. An Initialization Vector (IV) must be supplied as part of this, and its value needs to be randomized.

So we need to use a random IV, and this value must be the same during encryption and decryption. If we use a different random IV at encryption time and at decryption time, the Veracode cryptographic-risk finding is resolved, but the decrypted value does not match the original value.

So when encrypting with a random IV, we need to store that IV somewhere so that at decryption time we can use the same random IV that was used at encryption time.

import java.security.SecureRandom;
import javax.crypto.spec.IvParameterSpec;

byte[] IV = new byte[16];                  // AES block size: 16 bytes
SecureRandom random = new SecureRandom();  // cryptographically strong source, not java.util.Random
random.nextBytes(IV);                      // fresh random IV for every encryption
IvParameterSpec ivSpec = new IvParameterSpec(IV);
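An added, complete version of the approach described above (example code, not the original post's): the random IV is stored by prepending it to the ciphertext, and decryption reads it back from there. The cipher transformation AES/CBC/PKCS5Padding, the class name and the prepend-IV layout are my assumptions, not something the post specifies.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesIvDemo {
    private static final int IV_LENGTH = 16;           // AES block size in bytes
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding"; // assumed mode

    // Encrypt with a fresh random IV and return IV || ciphertext.
    // The IV does not need to be secret, only unpredictable and never reused with the same key,
    // so storing it next to the ciphertext is fine.
    public static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LENGTH];
        RANDOM.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        return ByteBuffer.allocate(iv.length + ciphertext.length).put(iv).put(ciphertext).array();
    }

    // Split IV || ciphertext and decrypt with the very IV that was used for encryption.
    public static byte[] decrypt(SecretKey key, byte[] ivAndCiphertext) throws Exception {
        if (ivAndCiphertext.length < IV_LENGTH) {
            throw new IllegalArgumentException("input shorter than one IV");
        }
        byte[] iv = Arrays.copyOfRange(ivAndCiphertext, 0, IV_LENGTH);
        byte[] ciphertext = Arrays.copyOfRange(ivAndCiphertext, IV_LENGTH, ivAndCiphertext.length);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key comes from a KeyGenerator or a key store.
        byte[] keyBytes = new byte[16];
        RANDOM.nextBytes(keyBytes);
        SecretKey key = new SecretKeySpec(keyBytes, "AES");

        byte[] message = "sensitive value".getBytes(StandardCharsets.UTF_8);
        byte[] blob = encrypt(key, message);
        byte[] recovered = decrypt(key, blob);
        System.out.println(Arrays.equals(message, recovered)); // true: same IV on both sides
    }
}
```

Note that CBC gives confidentiality only; if the stored blob can be tampered with, add a MAC over IV and ciphertext or use an authenticated mode such as AES/GCM instead.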
