github-actions[bot]
commented
2 years ago Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/7
Open github-actions[bot] opened 2 years ago
github-actions[bot]
commented
2 years ago Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/7
github-actions[bot]
commented
1 year ago Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/174
https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/blob/2add22ec1b5a85a51e5134a9af33bf2e99488d44/com/veracode/verademo/utils/User.java#L98-L108
Filename: com/veracode/verademo/utils/User.java
Line: 103
CWE: 327 (Use of a Broken or Risky Cryptographic Algorithm)
This function uses the MD5() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm. References: CWE