Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Biometrics-and-auth
- Commoncrypto
- Hardcoded-iv
- Hardcoded-pbkdf2-passphrase
- Hardcoded-realm
- Hardcoded-salt
- Hardcoded-symmetric-key
- Insecure-crypto-aes-keysize
- Insecure-crypto-algorithm-blowfish
- Insecure-crypto-algorithm-des
- Insecure-crypto-algorithm-rc4
- Insecure-crypto-cbc-mode
- Insecure-crypto-ecb-mode
- Insecure-crypto-keystorage
- Insecure-crypto-rsa-keysize
- Insecure-hashing-algorithm-md2
- Insecure-hashing-algorithm-md4
- Insecure-hashing-algorithm-md5
- Insecure-hashing-algorithm-sha1
- Insufficient-pbkdf2-work-factor-sha1
- Insufficient-pbkdf2-work-factor-sha256
- Insufficient-pbkdf2-work-factor-sha512
- Realmstate-encryption-missing
- Cryptoswift
- Insecure-communication
- Lang
- Pathtraversal
- Sql
- Sqllite
- Webview
- Webview
- Terraform
- Typescript
- Yaml
Insecure-hashing-algorithm-sha1
Insecure hashing algorithm sha1
The use of the SHA1 hashing algorithm was identified which is considered insecure. SHA1 is not collision resistant and is therefore not suitable for cryptographic or secure use-cases. Use stronger algorithms such as SHA256, SHA512, or adaptive hashing algorithms such as argon2 or bcrypt. Note: SHA1 is still considered acceptable when used for Message Authentication Purposes, e.g. with HMAC although better and stronger algorithms should be strongly considered.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures