gitlab.bandit.B304-1
385
Download Count*
License
Detected MD2 hash algorithm which is considered insecure. This algorithm has many known vulnerabilities and has been deprecated. Use SHA256 or SHA3 instead.
Run Locally
Run in CI
Defintion
rules:
- id: bandit.B304-1
patterns:
- pattern-either:
- pattern: Crypto.Hash.MD2.new(...)
- pattern: Cryptodome.Hash.MD2.new (...)
message: >
Detected MD2 hash algorithm which is considered insecure. This algorithm
has many known vulnerabilities and has been deprecated. Use SHA256 or SHA3 instead.
metadata:
cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
owasp: "A3: Sensitive Data Exposure"
primary_identifier: bandit.B304-1
secondary_identifiers:
- name: Bandit Test ID B304-1
type: bandit_test_id
value: B304-1
license: MIT
severity: WARNING
languages:
- python
Short Link: https://sg.run/8RRy