How To fix veracode Cryptographic Risk (CWE-327)

I’m trying to use AES Algorithm to mitigate the CWE-327 vulnerability. Initialization Vector(IV) needs to be provided as part of this and this value needs to be randomized.

Here we need to use random IV value and this value will be same during encryption and decryption process. If we will use different random IV value at the time of encryption and decryption then it will resolve the Veracode cryptographic risk but Actual value doesn’t match with the decrypted value.



Gain Java Knowledge

The Java programming language is one of the most popular languages today. Stay up to date with news, certifications, free learning resources and much more.