Weak encryption library usage detected.
- Source: weak_encryption.yml
Sensitive data should be encrypted with strong encryption algorithms like aes-256-cbc
According to OWASP: MD5, RC4, DES, Blowfish, SHA1. 1024-bit RSA or DSA, 160-bit ECDSA (elliptic curves), 80/112-bit 2TDEA (two key triple DES) are considered as weak hash/encryption algorithms and therefore shouldn't be used.
✅ Use stronger encryption algorithms when storing data.
const crypto = require("crypto");
const key = "secret key";
const encrypted = crypto.createHmac("es-256-cbc", key).update(user.password);
OWASP Top 10
Ready to take the next step? Join the Bearer Cloud waitlist.