Open clavedeluna opened 4 days ago
This one is difficult to remediate because if the application is using a particular hash algorithm for passwords, and we change that algorithm, it's likely a breaking change for any passwords that are stored in the database with the old hash algorithm.
Really good point, I forgot this is the case. Should we close this? At least there's a breadcrumb explaining it.
Running semgrep on pygoat
We should be able to write a basic transformer to replace md5 with more secure functions to create passwords. Do some research to decide on what's best here.
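As an added illustration of what the transformer would be swapping in, and of the migration concern raised in the first comment, here is a stand-alone Python example. It is not pygoat code and not the project's own transformer: it shows the unsalted `hashlib.md5` "before", a PBKDF2-HMAC-SHA256 "after" from the standard library, and a verify-and-upgrade path so rows that still hold md5 digests keep working and are rehashed on the user's next successful login instead of breaking. The iteration count, the `pbkdf2_sha256$...` storage format, and the in-memory `users` table are assumptions made for the example.

```python
# Added example, not code from pygoat or from the issue's transformer.
# Shows the md5 'before', a PBKDF2-HMAC-SHA256 'after', and a
# verify-and-upgrade path so legacy md5 rows keep working and get
# rehashed on the next successful login.
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed deployment policy: slow enough to hurt an offline cracker,
# cheap enough for one interactive login.
PBKDF2_ITERATIONS = 600_000
PBKDF2_PREFIX = "pbkdf2_sha256"


def legacy_md5_hash(password: str) -> str:
    """The 'before': unsalted, fast, and trivially cracked with precomputed tables."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """The 'after': random per-user salt and a deliberately slow KDF.

    Stored as 'pbkdf2_sha256$<iterations>$<salt b64>$<digest b64>' (assumed
    format) so the parameters travel with the hash and can be raised later.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        PBKDF2_PREFIX,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    prefix, iterations, salt_b64, digest_b64 = stored.split("$")
    if prefix != PBKDF2_PREFIX:
        return False
    expected = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(expected, base64.b64decode(digest_b64))


def is_legacy_md5(stored: str) -> bool:
    """A bare 32-char hex string is what the old md5 code wrote to the database."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def verify_and_upgrade(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Check a password against either stored format.

    Returns (ok, replacement). When a legacy md5 row verifies, replacement is
    the PBKDF2 string the caller should write back; otherwise it is None.
    """
    if stored.startswith(PBKDF2_PREFIX + "$"):
        return verify_pbkdf2(password, stored), None
    if is_legacy_md5(stored):
        candidate = legacy_md5_hash(password).encode("ascii")
        if hmac.compare_digest(candidate, stored.lower().encode("ascii")):
            return True, pbkdf2_hash(password)
    return False, None


def login(users: Dict[str, str], username: str, password: str) -> bool:
    """Simulated login against an in-memory table standing in for the DB.

    Upgrades the stored hash in place the first time a legacy user logs in.
    """
    stored = users.get(username)
    if stored is None:
        # Burn one KDF computation so unknown users cost the same as wrong passwords.
        pbkdf2_hash(password)
        return False
    ok, replacement = verify_and_upgrade(password, stored)
    if ok and replacement is not None:
        users[username] = replacement
    return ok


if __name__ == "__main__":
    # Constructed sample table: one row from the old md5 code, one already migrated.
    users = {
        "alice": legacy_md5_hash("correct horse battery staple"),
        "bob": pbkdf2_hash("hunter2"),
    }
    print(login(users, "alice", "correct horse battery staple"))  # True
    print(users["alice"].startswith(PBKDF2_PREFIX))               # True, row rehashed
    print(login(users, "alice", "wrong"))                         # False
    print(login(users, "bob", "hunter2"))                         # True
```

The point for the transformer is that a rewrite of `hashlib.md5(...)` alone is not enough: the verification side has to accept the old digest format until every row has been rehashed, which only happens when each user presents the plaintext again at login. If waiting for logins is unacceptable, the alternative is to wrap the stored md5 digest itself inside the new KDF in a one-shot migration and verify by hashing md5-then-PBKDF2; that keeps every row protected immediately but is a different verification path than the one shown above.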