Usage of weak hashing library
- Rule ID: go_gosec_crypto_weak_crypto
- Languages: go
- Source: weak_crypto.yml
Description
Your code uses a weak hashing library, which means it relies on cryptographic algorithms that are no longer secure. This vulnerability can lead to compromised data confidentiality and integrity, as it makes the data susceptible to unauthorized decryption and tampering.
Remediations
- Do replace weak or outdated algorithms with strong, modern alternatives. For encryption, use AES (Advanced Encryption Standard), and for hashing, opt for SHA-256 or higher.
- Do always use the latest versions of cryptographic libraries. These versions are more likely to use secure algorithms and settings by default.
- Do not use cryptographic algorithms that have been deprecated due to known vulnerabilities. Avoid MD5, SHA-1, or DES for any cryptographic operations.
- Do not attempt to create custom cryptographic solutions. Instead use well-reviewed and tested standard cryptographic libraries to ensure security.
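The remediation above as an added Go example, not taken from Bearer's rule or documentation: an MD5 fingerprint of the kind this rule reports, next to its SHA-256 replacement from the standard library. It goes one step beyond the text by adding an HMAC-SHA256 tag with constant-time verification for cases where tamper detection is the goal. The function names, sample payload and key are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5" // weak hash: imported only to show the "before" case
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// weakDigest is the "before" pattern: MD5 used as a content fingerprint.
// MD5 collisions are practical, so two different inputs can share a digest.
func weakDigest(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// strongDigest is the drop-in replacement using SHA-256.
func strongDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// signMessage returns an HMAC-SHA256 tag over msg. A bare hash cannot detect
// tampering by someone able to replace both the data and its digest; a keyed
// MAC can, as long as the key stays secret.
func signMessage(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// verifyMessage recomputes the tag and compares it in constant time, so the
// comparison does not leak how many leading bytes matched.
func verifyMessage(key, msg, tag []byte) bool {
	return hmac.Equal(signMessage(key, msg), tag)
}

func main() {
	msg := []byte("constructed sample payload")        // constructed input
	key := []byte("constructed-demo-key-do-not-reuse") // constructed key
	fmt.Println("md5    (weak):", weakDigest(msg))
	fmt.Println("sha256       :", strongDigest(msg))
	tag := signMessage(key, msg)
	fmt.Println("tag verifies :", verifyMessage(key, msg, tag))
	fmt.Println("after tamper :", verifyMessage(key, []byte("constructed sample payloaD"), tag))
}
```

In real code the key would come from a secret store rather than a literal, and the `crypto/md5` import would be removed entirely once callers are migrated.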
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=go_gosec_crypto_weak_crypto
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=go_gosec_crypto_weak_crypto