Finding Description
Source code should be inspected for uses of weak cryptographic algorithms. The inspection may also reveal weak cryptography used by third-party code. Use the 'Findings Evidence' to determine which insecure APIs were observed during analysis.
Steps to Reproduce
While the application runs, cryptographic APIs are monitored to identify any insecure usage of cryptographic algorithms or primitives. Insecure hashing algorithms include uses of MD2, MD3, MD4, MD5 and SHA1.
Insecure cryptographic hashing algorithms were detected in use by the application.
Remediation Resources
Use cryptographic hashing algorithms that are considered secure and are recommended by current best-practice guidance. Guidance can be found for Android and from Apple.
For more guidance on best practices in picking strong cryptography, please see OWASP's Cryptographic Storage Cheat Sheet.
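The source inspection described under Finding Description can be partly automated. The following is an added example, not NowSecure's code or part of the original finding: it flags call sites of the listed weak digests in Java/Kotlin (JCA `MessageDigest`) and Apple (CommonCrypto, CryptoKit) sources. The function name, file names and sample sources are constructed for illustration.

```python
import re

# Digests this finding treats as insecure: MD2, MD3, MD4, MD5, SHA1.
PATTERNS = [
    # Java/Kotlin JCA; algorithm names are case-insensitive ("SHA-1", "sha1").
    ("JCA MessageDigest",
     re.compile(r'MessageDigest\.getInstance\(\s*"(MD[2-5]|SHA-?1)"', re.I)),
    # Apple CommonCrypto one-shot and streaming calls (CC_MD5, CC_SHA1_Init).
    ("CommonCrypto",
     re.compile(r"\bCC_(MD[2-5]|SHA1)(?:_Init|_Update|_Final)?\s*\(")),
    # Apple CryptoKit exposes these digests under the Insecure namespace.
    ("CryptoKit", re.compile(r"\bInsecure\.(MD[2-5]|SHA1)\b")),
]

def find_weak_hashes(source, filename):
    """Return (file, line, api, algorithm) for each weak-hash call site."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "/*", "*")):
            continue  # ignore commented-out code
        for api, rx in PATTERNS:
            for m in rx.finditer(line):
                algo = m.group(1).upper().replace("-", "")
                findings.append((filename, lineno, api, algo))
    return findings

# Constructed sample sources (not taken from any real application).
SAMPLE_JAVA = """\
MessageDigest md = MessageDigest.getInstance("MD5");
MessageDigest ok = MessageDigest.getInstance("SHA-256");
// MessageDigest old = MessageDigest.getInstance("SHA-1");
MessageDigest s = MessageDigest.getInstance("sha-1");
"""
SAMPLE_SWIFT = """\
let d = Insecure.SHA1.hash(data: payload)
CC_MD5(bytes, len, &out)
let good = SHA256.hash(data: payload)
"""

if __name__ == "__main__":
    for hit in (find_weak_hashes(SAMPLE_JAVA, "Login.java")
                + find_weak_hashes(SAMPLE_SWIFT, "Token.swift")):
        print("%s:%d: %s uses %s (weak hash)" % hit)
```

Matching string literals misses algorithm names passed in through variables or configuration, which the runtime API monitoring described in Steps to Reproduce still observes.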
Risk and Regulatory Information
Severity: low CVSS: 3.7
Application
See more detail in the NowSecure Report