CWE 327 (Broken or Risky Cryptographic Algorithm) on decrypting
Olivia Zamora
I have an application that encrypts on the front end and decrypts on the back end using this tutorial.
Basically, the backend generates a public and private key, then sends the public key to the front end, which uses it to encrypt input to send back to the backend for decryption.
Testing it on Veracode gives me a CWE 327 error in the decryptWithAes method.
I changed the code a bit when doing some Veracode testing and pinpointed the line:
```java
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec keySpec = new SecretKeySpec(aesKey, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv); // <---- CWE 327 is pointing here
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
```

I'm sure the IV is not the cause, since Veracode will give me this error instead:
"Initialization Vector(IV) needs to be provided as part of this and this value needs to be randomized"
Is there a way to fix this?