Sensitive data encrypted with a weak encryption library detected.


A weak encryption or hashing library can lead to data breaches and greater security risk. This rule checks if weak encryption techniques are used on sensitive data.


According to OWASP: MD5, RC4, DES, Blowfish, SHA1. 1024-bit RSA or DSA, 160-bit ECDSA (elliptic curves), 80/112-bit 2TDEA (two key triple DES) are considered as weak hash/encryption algorithms and therefor shouldn't be used.

❌ Avoid libraries and algorithms with known weaknesses:

Digest::SHA1.hexdigest 'weak password encryption'"weak password encryption")"weak password encryption") 1024 1024
Digest::MD5.hexdigest 'unsecure string'

✅ Instead, we recommend using bcrypt:



Associated CWE

OWASP Top 10