TypeScript Insecure MD5 Encryption
Description
Detects usage of MD5 hashing, which is cryptographically broken and vulnerable to collision attacks. Using MD5 for encrypting or hashing sensitive data poses a significant security risk, as attackers can potentially generate different inputs that produce the same hash value.
Detection Strategy
• Identifies function calls or references to 'md5' or 'MD5' in TypeScript code
• Verifies if the MD5 function is used with sensitive data like passwords, tokens or keys
• Reports a vulnerability when MD5 is used for hashing/encrypting sensitive information
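The detection strategy above, approximated as a line-based regex check. This is an added example, not the scanner's own code; the `createHash("md5")` pattern, the sensitive-name list, the `findInsecureMd5` helper and the sample input are assumptions made here.

```typescript
// Added example: a simplified, line-based approximation of the detection strategy.
interface Finding {
  line: number; // 1-based line number in the scanned source
  code: string; // trimmed source line
}

// md5(...) / MD5(...) calls, plus createHash("md5") from Node's crypto (assumed pattern).
const MD5_CALL = /\b(?:md5|MD5)\s*\(|createHash\(\s*["'`]md5["'`]\s*\)/;
// Names suggesting sensitive data: passwords, tokens or keys (assumed heuristic).
const SENSITIVE = /password|token|key/i;

function findInsecureMd5(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((raw, i) => {
    const code = raw.trim();
    if (code.indexOf("//") === 0) return; // skip single-line comments
    const m = MD5_CALL.exec(code);
    if (m === null) return; // no MD5 usage on this line
    // Only the text after the matched call can contain the hashed argument.
    const args = code.slice(m.index + m[0].length);
    if (SENSITIVE.test(args)) findings.push({ line: i + 1, code });
  });
  return findings;
}

// Constructed sample input, not taken from a real code base.
const SAMPLE = [
  'import md5 from "md5";',
  'import { createHash } from "crypto";',
  'const etag = md5(fileContents);',
  'const stored = md5(password);',
  'const id = createHash("md5").update(apiToken).digest("hex");',
  'const ok = createHash("sha256").update(password).digest("hex");',
  '// md5(password) was removed in v2',
].join("\n");

console.log(findInsecureMd5(SAMPLE));
```

The `md5(fileContents)` line is not reported because nothing in its argument looks sensitive, which mirrors the second step of the strategy.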
Vulnerable code example
import md5 from "md5";

function generateHash(data: string): string {
  // Vulnerable: Using MD5 hash which is cryptographically broken
  return md5(data);
}
Secure code example
import { createHash } from "crypto";

function generateHash(data: string): string {
  // Secure: Using SHA-256 which is cryptographically secure
  return createHash("sha256")
    .update(data)
    .digest("hex");
}