Insecure cookie settings can lead to unencrypted cookie transmission. Even if a cookie doesn't contain sensitive data now, sensitive data could be added later. It's good practice to transmit all cookies only through secure channels.

Insecure cookie

Insecure cookies can lead to unencrypted transmission of sensitive data.

Insufficiently random generators or hardcoded seeds can make pseudorandom sequences predictable, which may lead to security vulnerabilities.

Weak pseudorandom number generation

Insufficiently random generators (or hardcoded seeds) can make pseudorandom sequences predictable.

A hashing algorithm is weak if it is easy to determine the original input from the hash or to find another input that yields the same hash. Weak hashing algorithms can lead to security vulnerabilities.

Insecure hashing

Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.

Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.

Insecure connection using unencrypted protocol

Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.

Amazon Q

Detector Library

Kotlin detectors (23/23)

Tag: cryptography

Insecure cookie

Weak pseudorandom number generation

Insecure hashing

Insecure connection using unencrypted protocol