Insecure-hashing-algorithm-sha1
Insecure hashing algorithm sha1
insecure-hashing-algorithm-sha1
insecure-hashing-algorithm-sha1
The use of the SHA1 hashing algorithm was identified which is considered insecure. SHA1 is not collision resistant and is therefore not suitable for cryptographic or secure use-cases. Use stronger algorithms such as SHA256, SHA512, or adaptive hashing algorithms such as argon2 or bcrypt. Note: SHA1 is still considered acceptable when used for Message Authentication Purposes, e.g. with HMAC although better and stronger algorithms should be strongly considered.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures