Use of a Broken or Risky Cryptographic Algorithm [VID:327:github.com/govwa/user/user.go:160] #10

Open
veracode-workflow-app bot opened this issue Mar 3, 2025 · 0 comments
Labels
Veracode Pipeline Scan A Veracode Flaw found during a Pipeline Scan VeracodeFlaw: Medium A Veracode Flaw, Medium severity

Comments

@veracode-workflow-app
https://github.com/GitHub-workflow-APP/govwa/blob/06b43e31ee005d627f392dc0ffd88e011284e3bb//user/user.go#L155-L165

Filename: github.com/govwa/user/user.go

Line: 160

CWE: 327 (Use of a Broken or Risky Cryptographic Algorithm)

This function uses the crypto::md5::New() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm.

References: CWE

Don't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode

@veracode-workflow-app veracode-workflow-app bot added Veracode Pipeline Scan A Veracode Flaw found during a Pipeline Scan VeracodeFlaw: Medium A Veracode Flaw, Medium severity labels Mar 3, 2025