Why This Issue Is Important
The use of weak hash algorithms, such as MD5 and SHA-1, poses significant security risks. These algorithms are susceptible to various cryptographic attacks, including collision and pre-image attacks, which can compromise the integrity and authenticity of data. Attackers can exploit these weaknesses to forge data or create malicious duplicates that appear legitimate. In modern security practices, the use of these outdated algorithms is discouraged due to their proven vulnerabilities and the availability of stronger, more secure alternatives.
How This Issue Is Detected
CodeSent analyzes the configuration and code within Apigee policies to identify any instances where weak hash algorithms are used. By scanning for calls such as MD5() or SHA1(), the system flags each occurrence as a potential security risk.
How to Fix the Issue
Replace the use of weak hash algorithms with stronger, more secure alternatives. For instance:
// Hash the token with SHA-512 instead of MD5 or SHA-1
var unhashedToken = "some token to hash";
var sha512 = crypto.getSHA512();
sha512.update(unhashedToken);
// convert the digest to base64
var base64Token = sha512.digest64();