Usage of weak hashing library (MD5)

Overview

Rule ID: javascript_lang_weak_hash_md5
Applicable Languages: Javascript
Weakness ID: CWE-328

Description

Using a weak hashing library such as MD5 heightens the risk of data breaches. MD5 is susceptible to collision attacks, where different inputs generate the same output, compromising data integrity and security.

Remediation Guidelines

Avoid using MD5 for hashing or security purposes, as it is no longer deemed secure for cryptographic applications.

Choose more robust hashing algorithms, such as SHA-256, for improved security.

const crypto = require("crypto");

const key = "secret key";
const hash = crypto.createHmac("sha256", key).update(user.password).digest('hex');

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of weak encryption algorithm (RC4)NextUsage of weak hashing library on a password (Argon2)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration