insufficient-pbkdf2-work-factor-sha512
insufficient-pbkdf2-work-factor-sha512
PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 210K iterations should be used with SHA512
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures