
Ruby Sensitive Information Weak Sha1

Description

Detects use of the SHA1 hashing algorithm in Ruby code. SHA1 is cryptographically broken: practical collision attacks exist, so applications that rely on it for password hashing, digital signatures, or other security purposes are at risk, since an attacker can produce two different inputs with the same digest.

Weakness:

262 - Insecure encryption algorithm - SHA1

Category: Information Collection

Detection Strategy

    Checks whether the Ruby code requires the 'digest' or 'openssl' library

    Identifies direct SHA1 hash selection through constant or string references containing 'SHA1'

    Detects SHA1 usage through constructor calls such as Digest::SHA1.new() or OpenSSL::Digest::SHA1.new()

    Reports a finding when SHA1 is used in any of these patterns and recommends a stronger algorithm such as SHA-256 or SHA-3
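
The four steps above, implemented as a small added example in Ruby (this is illustrative code, not the scanner's own rule implementation); the sample source it scans is constructed here, and the regular expressions are an assumed approximation of the patterns the rule describes:

```ruby
# Added example, not the scanner's own code: applies the four detection steps
# above to Ruby source text and returns one Finding per SHA1 use.
Finding = Struct.new(:line, :kind, :code)

# Step 1: a digest library must be loaded for the hash calls to resolve
REQUIRE_RE  = /\A\s*require\s+['"](?:digest|openssl)['"]/
# Step 3: constructor/call forms such as Digest::SHA1.new or OpenSSL::Digest::SHA1.hexdigest
CTOR_RE     = /(?:OpenSSL::)?Digest::SHA1\.(?:new|hexdigest|digest|base64digest)\b/
# Step 2: algorithm selected by name, e.g. OpenSSL::Digest.new("sha1")
STRING_RE   = /['"]sha-?1['"]/i
# Step 2: bare constant reference, e.g. algo = Digest::SHA1
CONSTANT_RE = /\bDigest::SHA1\b/

def find_weak_sha1(source)
  lines = source.lines.map(&:chomp)
  # Step 1: without a require, none of the patterns below can be SHA1 usage
  return [] unless lines.any? { |l| l.match?(REQUIRE_RE) }

  lines.each_with_index.with_object([]) do |(line, idx), findings|
    next if line.strip.start_with?('#')   # comment-only lines are not usage
    kind = if line.match?(CTOR_RE)       then :constructor
           elsif line.match?(STRING_RE)   then :string
           elsif line.match?(CONSTANT_RE) then :constant
           end
    # Step 4: report the 1-based line and the offending code
    findings << Finding.new(idx + 1, kind, line.strip) if kind
  end
end

# Constructed sample input (assumed for this example, not from the page)
SAMPLE = <<~RUBY
  require 'digest'
  require 'openssl'

  # Mentions of Digest::SHA1 inside comments are not findings
  password = "secret123"
  legacy = Digest::SHA1.hexdigest(password)
  d = OpenSSL::Digest::SHA1.new
  h = OpenSSL::Digest.new("sha1")
  algo = Digest::SHA1
  ok = Digest::SHA256.hexdigest(password)
RUBY

if __FILE__ == $PROGRAM_NAME
  find_weak_sha1(SAMPLE).each do |f|
    puts "line #{f.line}: weak SHA1 (#{f.kind}) -> #{f.code}"
  end
end
```

A line-based scan like this is a heuristic: it cannot see algorithm names built at runtime or SHA1 reached through another module, which is why the rule pairs the require check with the constant and constructor patterns rather than relying on any one of them.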

Vulnerable code example

require 'digest'

# SHA1 is cryptographically broken and vulnerable to collision attacks
password = "secret123"
hash = Digest::SHA1.hexdigest(password)  # Vulnerable: Using SHA1 hash function

✅ Secure code example

require 'digest'

# SHA-256 replaces the broken SHA1 digest and clears this finding.
# For storing passwords specifically, a dedicated password hashing function
# (for example bcrypt) is the recommended choice; this rule only checks the
# digest algorithm itself.
password = "secret123"
hash = Digest::SHA256.hexdigest(password)  # Secure: Using SHA-256 hash function