Usage of Weak Hashing Library on a Password (SHA-1)
Overview
Rule ID: java_lang_weak_password_hash_sha1
Applicable Languages: Java
Weakness ID: CWE-326
Description
Using a weak hashing algorithm like SHA-1 for passwords increases the risk of data breaches. SHA-1 is vulnerable to collision attacks, where distinct inputs can produce the same hash value, compromising data integrity and security.
Remediation Guidelines
Do not use SHA-1 for hashing passwords or sensitive data due to its vulnerabilities.
Instead, use stronger hashing algorithms such as SHA-256 to improve security.
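The remediation above, shown as an added example that is not taken from the rule's own documentation: the SHA-1 pattern the rule describes beside a SHA-256 replacement built on the JDK's `MessageDigest`. The class and method names, the 16-byte per-user salt and the constant-time comparison are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class PasswordHashExample {

    // The pattern this rule describes: a password fed to a SHA-1 digest.
    static byte[] hashWeak(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Remediated per the guideline: SHA-256 replaces SHA-1.
    // The per-user salt is an assumption of this example, not part of the rule text.
    static byte[] hashStronger(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt); // salt is mixed in before the password bytes
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Fresh random salt, stored alongside the digest for each user.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Recompute with the stored salt and compare in constant time.
    static boolean verify(String candidate, byte[] salt, byte[] stored)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(stored, hashStronger(candidate, salt));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "correct horse battery staple"; // constructed sample input
        byte[] salt = newSalt();
        byte[] stored = hashStronger(password, salt);

        System.out.println("SHA-1 digest bits:   " + hashWeak(password).length * 8);
        System.out.println("SHA-256 digest bits: " + stored.length * 8);
        System.out.println("correct password verifies: " + verify(password, salt, stored));
        System.out.println("wrong password verifies:   " + verify("wrong", salt, stored));
    }
}
```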
Configuration
To omit this rule during a scan, and to get continuous 24/7 code-level scanning, you can use our SAST tool.