Crypto EVP Rc4 40 EVP Rc2 40 Cbc

Indexed | Public repository | High | Medium confidence | Verified | GPL-2.0-only | c
greprules fetch gitlab-sast-c-crypto-rule-evp-rc4-40-evp-rc2-40-cbc --engine opengrep

Description

The RC4 algorithm is vulnerable to many attacks and should no longer be used for encrypting data streams. Consider using libsodium's `crypto_secretstream_xchacha20poly1305` stream cipher encryption functions instead. For more information, please see: https://libsodium.gitbook.io/doc/secret-key_cryptography/secretstream

If you must be FIPS compliant, consider

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
