unsafe-argon2-config
Prefer Argon2id where possible. Per RFC9016, section 4 IETF recommends selecting Argon2id unless you can guarantee an adversary has no direct access to the computing environment.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures
unsafe-argon2-config
Prefer Argon2id where possible. Per RFC9016, section 4 IETF recommends selecting Argon2id unless you can guarantee an adversary has no direct access to the computing environment.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures