Cryptographic API Misuse Vulnerability: Do not use Inadequate key length
gxx777 opened this issue · comments
Guo Xiangxin commented
Description:
I have identified a security vulnerability in the aioquic v 0.9.21 project by our cryptographic api misuse detection tool.The issue pertains to the use of a default RSA key length of 1024 bits, which is considered insecure due to advances in computing power and cryptographic weaknesses associated with shorter key lengths.
Affected Version
v0.9.21
References:
CWE-326: Inadequate Encryption Strength
NIST SP 800-131A r2
Location:
https://github.com/aiortc/aioquic/blob/main/src/aioquic/quic/retry.py#L18
Recommendations:
I recommend the following actions to mitigate the vulnerability:
Upgrade the RSA key length to a more secure option, such as 2048 bits.