Insecure encryption algorithm - MD5 | Fluid Attacks Database

Database

Description

The web application uses insecure algorithms such as MD5 to hash passwords.

Impact

Crack captured credential easily.

Recommendation

Use secure hashing algorithms to store passwords like PBKDF2.

Threat

Authenticated attacker from the Internet with compromised DB hashes.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

148 - Set minimum size of asymmetric encryption 150 - Set minimum size for hash functions

Rules

Ssl Tls Certificate Weak Signature Md5 Swift Weak Hash Md5 Typescript Sensitive Information Weak Md5 Dart Weak Hash Md5 Javascript Sensitive Information Weak Md5 Typescript Insecure Md5 Encryption Ruby Sensitive Information Weak Md5 Javascript Cryptojs Passphrase Mode Javascript Insecure Md5 Encryption Typescript Cryptojs Passphrase Mode

Fixes

Csharp Go Java JavaScript/TypeScript Python Ruby Scala