gitlab.find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
DES is not considered a strong cipher for modern applications. Currently, NIST recommends the usage of AES block ciphers instead of DES.
Definition
rules:
- id: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
  patterns:
  # Match either factory call; "..." allows an optional provider argument.
  - pattern-either:
    - pattern: MessageDigest.getInstance($ALG, ...)
    - pattern: Signature.getInstance($ALG, ...)
  # Report only when the algorithm name contains MD5, MD4, MD2, SHA1 or SHA-1.
  - metavariable-regex:
      metavariable: $ALG
      regex: .*(MD5|MD4|MD2|SHA1|SHA-1).*
  message: >
    DES is not considered a strong cipher for modern applications. Currently, NIST
    recommends the usage
    of AES block ciphers instead of DES.
  languages:
  - java
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-326: Inadequate Encryption Strength"
    technology:
    - java
    primary_identifier: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
    secondary_identifiers:
    - name: Find Security Bugs-WEAK_MESSAGE_DIGEST_MD5
      type: find_sec_bugs_type
      value: WEAK_MESSAGE_DIGEST_MD5
    - name: Find Security Bugs-WEAK_MESSAGE_DIGEST_SHA1
      type: find_sec_bugs_type
      value: WEAK_MESSAGE_DIGEST_SHA1
    license: MIT
Short Link: https://sg.run/L2R7
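An added example, not part of the registry page or of the GitLab rule set: a constructed Java file annotated with Semgrep's `ruleid:` / `ok:` test comments, showing which calls the two patterns and the `$ALG` regex match and the SHA-256 forms that pass. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;

// Constructed sample; class and method names are hypothetical.
public class WeakDigestSample {
    static byte[] md5Checksum(byte[] data) throws Exception {
        // Flagged: the literal "MD5" satisfies the regex on $ALG.
        // ruleid: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
        return MessageDigest.getInstance("MD5").digest(data);
    }

    static byte[] sha1WithProvider(byte[] data) throws Exception {
        // Flagged: "SHA-1" matches, and "..." in the pattern covers the provider argument.
        // ruleid: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
        return MessageDigest.getInstance("SHA-1", "SUN").digest(data);
    }

    static byte[] sha1Sign(KeyPair kp, byte[] data) throws Exception {
        // Flagged: ".*" on both sides of the regex lets "SHA1withRSA" match.
        // ruleid: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    static byte[] sha256Checksum(byte[] data) throws Exception {
        // Not flagged: "SHA-256" contains neither "SHA1" nor "SHA-1".
        // ok: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    static byte[] sha256Sign(KeyPair kp, byte[] data) throws Exception {
        // ok: find_sec_bugs.WEAK_MESSAGE_DIGEST_MD5-1.WEAK_MESSAGE_DIGEST_SHA1-1
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("MD5 bytes: " + md5Checksum(msg).length + ", SHA-1 bytes: " + sha1WithProvider(msg).length);
        System.out.println("SHA-256 bytes: " + sha256Checksum(msg).length);
        System.out.println("signature bytes: " + sha1Sign(kp, msg).length + " / " + sha256Sign(kp, msg).length);
    }
}
```

Because the patterns list only `MessageDigest.getInstance` and `Signature.getInstance`, weak digests reached through other APIs such as `Mac.getInstance("HmacSHA1")` are outside this rule's coverage and need a separate check.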