TechQA.

CWE-326 on FIPS compliant AES256

274 views Asked by At

Why does Veracode flag the following FIPS compliant C#?

var cipher = new AesCng()
{
  BlockSize = 128,
  KeySize = 256,
  Mode = CipherMode.CBC,
  Padding = PaddingMode.PKCS7
};
c# veracode
Original Q&A
1

There are 1 answers

2
Tim Jarrett On BEST ANSWER

Hi: current Veracode scans likely wouldn't flag CWE 326 on a use of AES with a key size of 256. If this was a recent scan, could you please reach out to Veracode Support so we can take a closer look to find out why this was flagged?

If this was a result from an older scan, you may want to try rescanning the application to see if the issue is still flagged.

Related Questions in C#

Related Questions in VERACODE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions