Usage of weak hashing library on a password (MD5)

Overview

Rule ID: javascript_lang_weak_password_hash_md5
Applicable Languages: Javascript
Weakness ID: CWE-326

Description

Using a weak hashing library such as MD5 for password storage undermines security. MD5 is outdated and vulnerable, increasing the likelihood of attackers successfully cracking passwords and gaining unauthorized access.

Remediation Guidelines

Avoid using MD5 for hashing passwords or sensitive data, as it is no longer deemed secure.
Use a robust and recommended hashing library, such as Argon2id, for password hashing. This approach improves security by significantly increasing the difficulty for attackers to crack stored passwords.
```
const argon2 = require("argon2");
const hash = await argon2.hash(req.params.password, { type: argon2.argon2id })
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of weak hashing library on a password (Argon2)NextUsage of weak hashing library on a password (SHA-1)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration