Use of a Broken or Risky Cryptographic Algorithm [VID:327:github.com/govwa/user/user.go:160] #10

Open
@veracode-workflow-app

https://github.com/GitHub-workflow-APP/govwa/blob/06b43e31ee005d627f392dc0ffd88e011284e3bb//user/user.go#L155-L165

Filename: github.com/govwa/user/user.go

Line: 160

CWE: 327 (Use of a Broken or Risky Cryptographic Algorithm)

This function uses the crypto::md5::New() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm.

References: CWE

Don't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode
