Usage of weak hashing library (MDx)
- Rule ID: php_lang_weak_hash_md
- Languages: php
- Source: weak_hash_md.yml
Description
Using a weak hashing library, such as MD5, increases the risk of data breaches. MD5 itself is vulnerable to collision attacks, where two different inputs can produce the same hash value, compromising data integrity and security.
Remediations
- Do not use MD5 for hashing. This algorithm is considered weak and vulnerable to attacks.
$encrypted = md5($input); // unsafe
- Do opt for stronger hashing algorithms like SHA-256 to enhance security.
$encrypted = hash('sha256', $input);
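The following is an added example, not part of the rule documentation, showing how the switch from `md5()` to `hash('sha256', ...)` can look in an integrity check that still has legacy MD5 digests in storage. The function names `digestAlgorithm` and `verifyDigest` and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: classify a stored hex digest by its length so that
// legacy MD5 values (32 hex chars) can be told apart from SHA-256 (64).
function digestAlgorithm(string $hex): ?string
{
    if (!ctype_xdigit($hex)) {
        return null; // not a hex digest at all
    }
    if (strlen($hex) === 32) {
        return 'md5';    // 128-bit digest, the case this rule flags
    }
    if (strlen($hex) === 64) {
        return 'sha256'; // 256-bit digest
    }
    return null;
}

// Hypothetical helper: verify $data against a stored digest.
// Only SHA-256 digests are accepted; MD5 digests are rejected rather than
// checked, so the caller must recompute them from trusted data.
function verifyDigest(string $data, string $storedHex): bool
{
    if (digestAlgorithm($storedHex) !== 'sha256') {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(hash('sha256', $data), strtolower($storedHex));
}

// Constructed sample data (not real digests from any system).
$input   = 'constructed sample payload';
$records = [
    'legacy-md5'   => str_repeat('a', 32),            // placeholder 32-char hex value
    'sha256-match' => hash('sha256', $input),
    'sha256-other' => hash('sha256', $input . 'x'),   // digest of different data
];

foreach ($records as $label => $stored) {
    $algo = digestAlgorithm($stored) ?? 'unknown';
    $ok   = verifyDigest($input, $stored) ? 'accepted' : 'rejected';
    echo "{$label}: algorithm={$algo}, result={$ok}\n";
}
```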
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=php_lang_weak_hash_md
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=php_lang_weak_hash_md