PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 210K iterations should be used with SHA512.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures
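
Added example (not part of the original rule text or of any project's code): a legacy hash derived with too few PBKDF2 rounds, and a remediation that stores the iteration count with each hash and re-derives it at 210K rounds on the next successful login. The stored-hash layout and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumption: the layout "pbkdf2_sha512$<iterations>$<salt hex>$<digest hex>"
# is made up for this example so the work factor travels with each hash.
MIN_ITERATIONS = 210_000  # iteration count the finding cites for SHA512


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> str:
    """Derive a PBKDF2-HMAC-SHA512 hash with a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash); needs_rehash flags a weak work factor."""
    scheme, iter_s, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha512":
        raise ValueError(f"unsupported scheme: {scheme}")
    iterations = int(iter_s)
    candidate = hashlib.pbkdf2_hmac(
        "sha512", password.encode(), bytes.fromhex(salt_hex), iterations
    )
    # Constant-time comparison of the derived key with the stored one.
    matches = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return matches, matches and iterations < MIN_ITERATIONS


def login(password: str, stored: str) -> tuple[bool, str]:
    """Verify, and on success upgrade an under-iterated hash in place."""
    matches, needs_rehash = verify_password(password, stored)
    if matches and needs_rehash:
        stored = hash_password(password)  # re-derive at the current work factor
    return matches, stored


if __name__ == "__main__":
    # Constructed sample: a legacy record hashed with only 1,000 rounds,
    # which is the kind of call this finding reports.
    legacy = hash_password("correct horse", iterations=1_000)
    ok, upgraded = login("correct horse", legacy)
    print(ok, legacy.split("$")[1], "->", upgraded.split("$")[1])
```

Re-hashing at login is needed because the plaintext password is only available at that moment; existing low-iteration hashes cannot be strengthened offline.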