
A Fortify scan is reporting weak encryption in the js-xlsx file. It reports that RC4 is a vulnerable and weak encryption method and recommends using strong encryption instead of RC4.

Below is the code for RC4 encryption.

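/**
 * Parse an RC4 crypto header out of `blob`.
 *
 * This function only reads header fields from the input; it performs no
 * encryption or decryption itself.
 * NOTE(review): a scanner finding about RC4 here presumably refers to the
 * format of the file being read, which the parser cannot change - confirm
 * against where the cipher is actually applied.
 *
 * @param {object} blob - reader exposing `read_shift(n)`; its contents come
 *     from the parsed file and must be treated as untrusted.
 * @param {number} length - size budget for the whole structure; the bytes
 *     consumed here are subtracted and the rest is handed to
 *     `parse_EncryptionVerifier`.
 * @returns {object} `{ EncryptionVersionInfo, Flags, EncryptionHeader,
 *     EncryptionVerifier }`.
 * @throws {Error} if the minor version is not 2, the major version is outside
 *     2..4, or the declared header size exceeds the remaining length.
 */
function parse_RC4CryptoHeader(blob, length) {
    var o = {};
    var remaining = length;

    var vers = o.EncryptionVersionInfo = parse_CRYPTOVersion(blob, 4);
    remaining -= 4;
    if (vers.Minor != 2)
        throw new Error('unrecognized minor version code: ' + vers.Minor);
    if (vers.Major > 4 || vers.Major < 2)
        throw new Error('unrecognized major version code: ' + vers.Major);

    o.Flags = blob.read_shift(4);
    remaining -= 4;

    var sz = blob.read_shift(4);
    remaining -= 4;
    // The size field is read from the file, so bound it before use: a value
    // larger than what is left would make the verifier length negative.
    // (The comparison is false when no usable length was supplied.)
    if (sz > remaining)
        throw new Error('EncryptionHeaderSize exceeds remaining header length: ' + sz);

    o.EncryptionHeader = parse_EncryptionHeader(blob, sz);
    remaining -= sz;
    o.EncryptionVerifier = parse_EncryptionVerifier(blob, remaining);
    return o;
}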

/* [MS-OFFCRYPTO] 2.3.6.1 RC4 Encryption Header */
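/**
 * Parse an RC4 encryption header out of `blob`.
 *
 * Only reads fields from the input (version, salt, encrypted verifier and
 * encrypted verifier hash); no encryption or decryption happens here.
 *
 * @param {object} blob - reader exposing `read_shift(n)`; contents come from
 *     the parsed file and must be treated as untrusted.
 * @returns {object} `{ EncryptionVersionInfo, Salt, EncryptedVerifier,
 *     EncryptedVerifierHash }`.
 * @throws {Error} if the version is anything other than 1.1.
 */
function parse_RC4Header(blob) {
    var o = {};
    var vers = o.EncryptionVersionInfo = parse_CRYPTOVersion(blob, 4);
    // Throw a real Error (not a bare string) so callers get a stack trace and
    // the same exception type that parse_RC4CryptoHeader raises.
    if (vers.Major != 1 || vers.Minor != 1)
        throw new Error('unrecognized version code ' + vers.Major + ' : ' + vers.Minor);
    o.Salt = blob.read_shift(16);
    o.EncryptedVerifier = blob.read_shift(16);
    o.EncryptedVerifierHash = blob.read_shift(16);
    return o;
}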

Can anyone help me convert these methods to use a secure encryption algorithm?

Nikita