Weak encryption library usage detected.
- Source: weak_password_encryption.yml
Passwords should be encrypted with strong encryption algorithms like aes-256-cbc
According to OWASP: MD5, RC4, DES, Blowfish, SHA1. 1024-bit RSA or DSA, 160-bit ECDSA (elliptic curves), 80/112-bit 2TDEA (two key triple DES) are considered as weak hash/encryption algorithms and therefore shouldn't be used.
✅ Use stronger encryption algorithms when storing passwords.
const crypto = require("crypto");
const key = "secret key";
const encrypted = crypto.createHmac("es-256-cbc", key).update(user.password);
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP Top 10
Ready to take the next step? Join the Bearer Cloud waitlist.