CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
          • Hardcoded-iv
          • Hardcoded-pbkdf2-passphrase
          • Hardcoded-realm
          • Hardcoded-salt
          • Hardcoded-symmetric-key
          • Insecure-crypto-aes-keysize
          • Insecure-crypto-algorithm-blowfish
          • Insecure-crypto-algorithm-des
          • Insecure-crypto-algorithm-rc4
          • Insecure-crypto-cbc-mode
          • Insecure-crypto-ecb-mode
          • Insecure-crypto-keystorage
          • Insecure-crypto-rsa-keysize
          • Insecure-hashing-algorithm-md2
          • Insecure-hashing-algorithm-md4
          • Insecure-hashing-algorithm-md5
          • Insecure-hashing-algorithm-sha1
          • Insufficient-pbkdf2-work-factor-sha1
          • Insufficient-pbkdf2-work-factor-sha256
            • Insufficient pbkdf2 work factor sha256
          • Insufficient-pbkdf2-work-factor-sha512
          • Realmstate-encryption-missing
        • Cryptoswift
        • Insecure-communication
        • Lang
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
      • Terraform
      • Typescript
      • Yaml
    Insufficient-pbkdf2-work-factor-sha256

    Insufficient pbkdf2 work factor sha256

    PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 600K iterations should be used with SHA256
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-916: Use of Password Hash With Insufficient Computational Effort
    OWASP:
    - A02:2021 - Cryptographic Failures

    Insufficient pbkdf2 work factor sha1Insufficient pbkdf2 work factor sha512
    twitterlinkedin
    Powered by Mintlify