Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Biometrics-and-auth
- Commoncrypto
- Hardcoded-iv
- Hardcoded-pbkdf2-passphrase
- Hardcoded-realm
- Hardcoded-salt
- Hardcoded-symmetric-key
- Insecure-crypto-aes-keysize
- Insecure-crypto-algorithm-blowfish
- Insecure-crypto-algorithm-des
- Insecure-crypto-algorithm-rc4
- Insecure-crypto-cbc-mode
- Insecure-crypto-ecb-mode
- Insecure-crypto-keystorage
- Insecure-crypto-rsa-keysize
- Insecure-hashing-algorithm-md2
- Insecure-hashing-algorithm-md4
- Insecure-hashing-algorithm-md5
- Insecure-hashing-algorithm-sha1
- Insufficient-pbkdf2-work-factor-sha1
- Insufficient-pbkdf2-work-factor-sha256
- Insufficient-pbkdf2-work-factor-sha512
- Realmstate-encryption-missing
- Cryptoswift
- Insecure-communication
- Lang
- Pathtraversal
- Sql
- Sqllite
- Webview
- Webview
- Terraform
- Typescript
- Yaml
Insecure-hashing-algorithm-md5
Insecure hashing algorithm md5
The use of the MD5 hashing algorithm was identified which is considered insecure. MD5 is not collision resistant and is therefore not suitable for cryptographic or secure use-cases. Use stronger algorithms such as SHA256, SHA512, or adaptive hashing algorithms such as argon2 or bcrypt. Note: MD5 is still considered acceptable when used for Message Authentication Purposes, e.g. with HMAC although better and stronger algorithms should be strongly considered.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures