Insufficient pbkdf2 work factor sha256

insufficient-pbkdf2-work-factor-sha256

PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 600K iterations should be used with SHA256.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures
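
An added example (not part of the CodeAnt rule documentation): a CommonCrypto PBKDF2-HMAC-SHA256 derivation called with an insufficient iteration count beside a call that meets the 600K figure above. The helper names, the 10,000-round value, the salt and key lengths, and the sample password are constructed for illustration.

```swift
import Foundation
import CommonCrypto
import Security

enum KDFError: Error {
    case randomFailed(OSStatus)
    case derivationFailed(Int32)
}

// Iteration count this page quotes from OWASP for PBKDF2 with SHA256.
let owaspSHA256Rounds: UInt32 = 600_000

// Fresh random salt per password; it is stored alongside the derived key.
func makeSalt(count: Int = 16) throws -> [UInt8] {
    var salt = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &salt)
    guard status == errSecSuccess else { throw KDFError.randomFailed(status) }
    return salt
}

// PBKDF2-HMAC-SHA256 via CommonCrypto; `rounds` is the work factor.
func pbkdf2SHA256(password: String, salt: [UInt8], rounds: UInt32,
                  keyLength: Int = 32) throws -> [UInt8] {
    var derived = [UInt8](repeating: 0, count: keyLength)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        password, password.utf8.count,
        salt, salt.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        rounds,
        &derived, keyLength)
    guard status == Int32(kCCSuccess) else { throw KDFError.derivationFailed(status) }
    return derived
}

do {
    let salt = try makeSalt()
    let password = "correct horse battery staple" // constructed sample input

    // Insufficient: 10_000 rounds (constructed value) is below the 600K guidance.
    let weakKey = try pbkdf2SHA256(password: password, salt: salt, rounds: 10_000)

    // Sufficient: meets the 600K guidance for SHA256.
    let strongKey = try pbkdf2SHA256(password: password, salt: salt,
                                     rounds: owaspSHA256Rounds)

    print("weak:", weakKey.count, "bytes; strong:", strongKey.count, "bytes")
} catch {
    print("key derivation failed:", error)
}
```

Changing the iteration count changes the derived key, so existing records need their round count stored with the salt and re-derived at the next successful login.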