Scala Insecure Pass Generation
Description
Detects the usage of cryptographically weak or deprecated password encoders from the Spring Security framework, such as MD5, SHA-1, and NoOp encoders. These insecure password hashing mechanisms can leave stored passwords vulnerable to brute-force or rainbow-table attacks.
Detection Strategy
• Look for instantiations or references to insecure Spring Security password encoder classes, including:
  - ShaPasswordEncoder, Md5PasswordEncoder, LdapShaPasswordEncoder
  - Md4PasswordEncoder, MessageDigestPasswordEncoder, NoOpPasswordEncoder
  - StandardPasswordEncoder, SCryptPasswordEncoder
• Flag any usage of these classes, as they provide insufficient cryptographic protection for passwords.
• The vulnerability is reported when code directly references these specific encoder class names from the org.springframework.security package.
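The detection strategy above, applied to a constructed Scala source file. This is an added example written for this page, not Fluid Attacks' rule implementation; the object and function names (InsecureEncoderScan, scan, Finding) and the sample source text are assumptions made here.

```scala
object InsecureEncoderScan {
  // Encoder class names the detection strategy lists as insecure
  val flaggedEncoders: Set[String] = Set(
    "ShaPasswordEncoder", "Md5PasswordEncoder", "LdapShaPasswordEncoder",
    "Md4PasswordEncoder", "MessageDigestPasswordEncoder", "NoOpPasswordEncoder",
    "StandardPasswordEncoder", "SCryptPasswordEncoder"
  )

  // One reported reference: 1-based line number, the class name found, and the source line
  final case class Finding(line: Int, encoder: String, text: String)

  // Whole-word identifiers only, so e.g. "MyMd5PasswordEncoderAdapter" is not a hit
  private val identifier = """\b([A-Za-z_][A-Za-z0-9_]*)\b""".r

  // Applies the strategy: report each flagged class name on each line, but only in
  // files that import from org.springframework.security (the package the rule names).
  def scan(source: String): Seq[Finding] = {
    val lines = source.split('\n').toVector
    val usesSpringSecurity =
      lines.exists(_.trim.startsWith("import org.springframework.security"))
    if (!usesSpringSecurity) Vector.empty
    else lines.zipWithIndex.flatMap { case (text, idx) =>
      identifier.findAllMatchIn(text).map(_.group(1)).filter(flaggedEncoders.contains)
        .toVector.distinct.map(name => Finding(idx + 1, name, text.trim))
    }
  }

  // Constructed sample source (not from the page): two flagged encoders next to one that is not
  val sample: String =
    """import org.springframework.security.crypto.password.NoOpPasswordEncoder
      |import org.springframework.security.crypto.password.MessageDigestPasswordEncoder
      |import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
      |
      |object AuthConfig {
      |  val legacy = new MessageDigestPasswordEncoder("MD5")
      |  val plain  = NoOpPasswordEncoder.getInstance()
      |  val strong = new BCryptPasswordEncoder()
      |}""".stripMargin

  def main(args: Array[String]): Unit =
    scan(sample).foreach(f => println(s"line ${f.line}: ${f.encoder}  ${f.text}"))
}
```

Running it reports the two import lines and the two instantiations of the flagged classes (lines 1, 2, 6 and 7 of the sample) and stays silent on BCryptPasswordEncoder, which is not on the list. The import gate mirrors the last bullet of the strategy: a class with the same simple name from an unrelated package is not reported.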
Vulnerable code example
import javax.crypto.Cipher

object WeakCrypto {
  def main(args: Array[String]): Unit = {
    // Vulnerable: Uses weak DES encryption algorithm
    val cipher1 = Cipher.getInstance("DES/ECB/PKCS5Padding")
    // Vulnerable: Uses ECB mode which is cryptographically insecure...
  }
}

✅ Secure code example
import javax.crypto.Cipher
import javax.crypto.spec.{GCMParameterSpec, IvParameterSpec}
import java.security.SecureRandom

object SecureCrypto {
  def main(args: Array[String]): Unit = {
    // Cryptographically strong source for keys and IVs
    val random = new SecureRandom()
  }
}
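The page's own code examples above use javax.crypto.Cipher, while the classes the rule names are Spring Security password encoders. The following added example (not from the page or from Fluid Attacks) contrasts two of the flagged encoders with the encoder Spring Security recommends in their place. It assumes spring-security-crypto 5.1 or later on the classpath (PasswordEncoder.upgradeEncoding exists from 5.1); the object name PasswordStorage and the sample password are constructed for this example.

```scala
import org.springframework.security.crypto.factory.PasswordEncoderFactories
import org.springframework.security.crypto.password.{MessageDigestPasswordEncoder, NoOpPasswordEncoder, PasswordEncoder}

object PasswordStorage {
  // Flagged by the rule: NoOpPasswordEncoder stores the password unchanged, and
  // MessageDigestPasswordEncoder("MD5") applies a single MD5 pass, which is fast enough
  // to brute-force offline at very high rates. Both are deprecated in Spring Security 5.
  def weakEncoders: Seq[(String, PasswordEncoder)] = Seq(
    "noop" -> NoOpPasswordEncoder.getInstance(),
    "md5"  -> new MessageDigestPasswordEncoder("MD5")
  )

  // Recommended replacement: the delegating encoder hashes new passwords with bcrypt
  // (salted, deliberately slow) and prefixes every hash with its algorithm id,
  // e.g. "{bcrypt}$2a$10$...", so the scheme can be rotated later.
  val recommended: PasswordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()

  def main(args: Array[String]): Unit = {
    val secret = "correct horse battery staple" // constructed sample password

    weakEncoders.foreach { case (name, enc) =>
      val stored = enc.encode(secret)
      println(s"$name: $stored  matches=${enc.matches(secret, stored)}")
    }

    val stored = recommended.encode(secret)
    println(s"bcrypt: $stored  matches=${recommended.matches(secret, stored)}")

    // Migration path: a legacy "{MD5}..." hash still verifies on login through the
    // delegating encoder, and upgradeEncoding reports that it should be re-hashed
    // with the current default (bcrypt) at that moment.
    val legacyHash = "{MD5}" + new MessageDigestPasswordEncoder("MD5").encode(secret)
    println(s"legacy verifies=${recommended.matches(secret, legacyHash)}")
    println(s"legacy needs upgrade=${recommended.upgradeEncoding(legacyHash)}")
  }
}
```

The deprecated constructors compile with warnings, which is itself a useful signal in a build that fails on warnings. The last block is the practical fix for an existing user table: keep verifying old hashes through the delegating encoder, and re-encode each password with bcrypt on the next successful login when upgradeEncoding returns true.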