Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Biometrics-and-auth
- Commoncrypto
- Hardcoded-iv
- Hardcoded-pbkdf2-passphrase
- Hardcoded-realm
- Hardcoded-salt
- Hardcoded-symmetric-key
- Insecure-crypto-aes-keysize
- Insecure-crypto-algorithm-blowfish
- Insecure-crypto-algorithm-des
- Insecure-crypto-algorithm-rc4
- Insecure-crypto-cbc-mode
- Insecure-crypto-ecb-mode
- Insecure-crypto-keystorage
- Insecure-crypto-rsa-keysize
- Insecure-hashing-algorithm-md2
- Insecure-hashing-algorithm-md4
- Insecure-hashing-algorithm-md5
- Insecure-hashing-algorithm-sha1
- Insufficient-pbkdf2-work-factor-sha1
- Insufficient-pbkdf2-work-factor-sha256
- Insufficient-pbkdf2-work-factor-sha512
- Realmstate-encryption-missing
- Cryptoswift
- Insecure-communication
- Lang
- Pathtraversal
- Sql
- Sqllite
- Webview
- Webview
- Terraform
- Typescript
- Yaml
Insecure-hashing-algorithm-md4
Insecure hashing algorithm md4
The use of the MD4 hashing algorithm was identified which is considered insecure. MD4 is not collision resistant and is therefore not suitable for cryptographic or secure use-cases. Use stronger algorithms such as SHA256, SHA512, or adaptive hashing algorithms such as argon2 or bcrypt.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures