Usage of Weak Hashing library (MD5)

Overview

Rule ID: java_lang_weak_hash_md5
Applicable Languages: Java
Weakness ID: CWE-328

Description

Using a weak hashing algorithm such as MD5 heightens the risk of data breaches. MD5 is susceptible to collision attacks, where different inputs generate the same hash, undermining data integrity and security.

Remediation Guidelines

Do not use MD5 for hashing purposes. This algorithm is no longer considered secure and can compromise data integrity.
```
MessageDigest md = MessageDigest.getInstance("MD5"); // unsafe
```
Do opt for stronger hashing algorithms like SHA-256 to ensure data security.
```
MessageDigest md = MessageDigest.getInstance("SHA-256");
```

References

Configuration

PreviousUsage of Weak Hashing Library on a Password (SHA-1)NextSAST JavaScript Rules

Last updated 8 months ago