Insecure Cryptographic Storage

ID: VUL-004 • Severity: High • Category: Cryptography

Vulnerability Details

ID:

VUL-004

CWE:

CWE-327

CVSS:

8.2

Severity:

High

Status:

Open

Category:

Cryptography

False Positive:1.0%

File:src/services/auth-service.js

Line:78

Passwords are being stored using an outdated hashing algorithm (MD5) which is considered insecure.

Detected:Dec 18, 2023, 11:20 AM

Risk Assessment

Calculated risk score and contributing factors

10.0/10

Critical risk - immediate remediation recommended

Severity8/10

High severity vulnerabilities can significantly impact security

Exploitability4/10

Cryptography vulnerabilities are less commonly exploited

False Positive Likelihood10/10

1% chance this is a false positive

Vulnerable Code

73const hashedPassword = crypto.createHash('md5').update(password).digest('hex');

AI Fix Suggestions

Let AI generate multiple fix suggestions for this vulnerability

Our AI can analyze this vulnerability and suggest multiple approaches to fix it, tailored to your codebase and security requirements.