
Use of a Broken or Risky Cryptographic Algorithm ('Cryptographic Issues') [VID:2] #23

@veracode-workflow-app-preprod

Description

https://github.com/Github-Workflow-Test-Org/govwanew/blob/3d38a7004014b85716c141e838513e5e56f1fe89//vulnerability/idor/idor.go#L159-L169

Filename: idor.go

Line: 164

CWE: 327 (Use of a Broken or Risky Cryptographic Algorithm ('Cryptographic Issues'))

This function uses the crypto::md5::New() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm.

References: CWE

Don't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode


Labels

Veracode Policy Scan (A Veracode Flaw found during a Policy or Sandbox Scan)

VeracodeFlaw: Medium (A Veracode Flaw, Medium severity)
