Description:
The mobile application uses weak hashing algorithms. Weak hashing algorithms (e.g. MD2, MD4, MD5 or SHA-1) can be
vulnerable to collisions and other security weaknesses, and should not be used when reliable hashing of data is required.
Example of insecure code:
MessageDigest md = MessageDigest.getInstance("SHA-1");
Example of secure code:
MessageDigest md = MessageDigest.getInstance("SHA-256");
Details:
There is 'getInstance("SHA-1")' found in file 'c/b/d/k/c.java':
[line 9: try {]
[line 10: MessageDigest instance = MessageDigest.getInstance("SHA-1");]
[line 11: instance.update(bArr, 0, bArr.length);]
There is 'getInstance("SHA-1")' found in file 'com/appsflyer/internal/ae.java':
[line 97: try {]
[line 98: MessageDigest instance = MessageDigest.getInstance("SHA-1");]
[line 99: instance.reset();]
There is 'getInstance("MD5")' found in file 'com/RNFetchBlob/h.java':
[line 52: try {]
[line 53: MessageDigest instance = MessageDigest.getInstance("MD5");]
[line 54: instance.update(str.getBytes());]
WEAK HASHING ALGORITHMS [M5] [CWE-916] [SAST] HIGH
There is 'getInstance("MD5")' found in file 'com/appsflyer/internal/ae.java':
[line 57: try {]
[line 58: MessageDigest instance = MessageDigest.getInstance("MD5");]
[line 59: instance.reset();]
CVSSv3 Base Score:
5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)