Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Biometrics-and-auth
- Commoncrypto
- Hardcoded-iv
- Hardcoded-pbkdf2-passphrase
- Hardcoded-realm
- Hardcoded-salt
- Hardcoded-symmetric-key
- Insecure-crypto-aes-keysize
- Insecure-crypto-algorithm-blowfish
- Insecure-crypto-algorithm-des
- Insecure-crypto-algorithm-rc4
- Insecure-crypto-cbc-mode
- Insecure-crypto-ecb-mode
- Insecure-crypto-keystorage
- Insecure-crypto-rsa-keysize
- Insecure-hashing-algorithm-md2
- Insecure-hashing-algorithm-md4
- Insecure-hashing-algorithm-md5
- Insecure-hashing-algorithm-sha1
- Insufficient-pbkdf2-work-factor-sha1
- Insufficient-pbkdf2-work-factor-sha256
- Insufficient-pbkdf2-work-factor-sha512
- Realmstate-encryption-missing
- Cryptoswift
- Insecure-communication
- Lang
- Pathtraversal
- Sql
- Sqllite
- Webview
- Webview
- Terraform
- Typescript
- Yaml
Insecure-hashing-algorithm-md2
Insecure hashing algorithm md2
The use of the MD2 hashing algorithm was identified which is considered insecure. MD2 is not collision resistant and is therefore not suitable for cryptographic or secure use-cases. Use stronger algorithms such as SHA256, SHA512, or adaptive hashing algorithms such as argon2 or bcrypt.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures