Code Security Finding: Weak Hash Strength (CWE-328, Low Severity) in HashingAssignment.java:55 #50

joshn-whitesource-app · 2024-02-15T15:34:18Z

Code Security Finding

This finding was first detected on 2024-02-07 06:22pm GMT and is still present in the last scan performed on 2024-02-15 03:32pm GMT:

Severity

Vulnerability Type

CWE

File

Data Flows

Low

Weak Hash Strength

CWE-328

HashingAssignment.java:55

1

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java

Lines 50 to 55 in 94a3226

    
           String md5Hash = (String) request.getSession().getAttribute("md5Hash"); 
        
           if (md5Hash == null) { 
        
             String secret = SECRETS[new Random().nextInt(SECRETS.length)]; 
        
             MessageDigest md = MessageDigest.getInstance("MD5");

1 Data Flow/s detected

Secure Code Warrior Training Material

● Training

▪ Secure Code Warrior Weak Hash Strength Training

● Videos

▪ Secure Code Warrior Weak Hash Strength Video

● Further Reading

▪ OWASP Cryptographic Storage Cheat Sheet

▪ OWASP Transport Layer Protection Cheat Sheet

▪ OWASP Password Storage Cheat Sheet

▪ OWASP Using a broken or risky cryptographic algorithm article

🏴 Suppress Finding

... as False Alarm
... as Acceptable Risk

joshn-whitesource-app bot added the Mend: code security findings Code security findings detected by Mend label Feb 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Code Security Finding: Weak Hash Strength (CWE-328, Low Severity) in HashingAssignment.java:55 #50

Code Security Finding: Weak Hash Strength (CWE-328, Low Severity) in HashingAssignment.java:55 #50

joshn-whitesource-app bot commented Feb 15, 2024

Code Security Finding: Weak Hash Strength (CWE-328, Low Severity) in HashingAssignment.java:55 #50

Code Security Finding: Weak Hash Strength (CWE-328, Low Severity) in HashingAssignment.java:55 #50

Comments

joshn-whitesource-app bot commented Feb 15, 2024

Code Security Finding