Usage of weak hashing library on a password (MD5)
PreviousUsage of weak hashing library on a password (Argon2)NextUsage of weak hashing library on a password (SHA-1)
Last updated
Last updated
Rule ID: javascript_lang_weak_password_hash_md5
Applicable Languages: Javascript
Weakness ID: CWE-326
Using a weak hashing library such as MD5 for password storage undermines security. MD5 is outdated and vulnerable, increasing the likelihood of attackers successfully cracking passwords and gaining unauthorized access.
Avoid using MD5 for hashing passwords or sensitive data, as it is no longer deemed secure.
Use a robust and recommended hashing library, such as Argon2id, for password hashing. This approach improves security by significantly increasing the difficulty for attackers to crack stored passwords.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our