Skip to content

MB-5370 - [CAT II] gosec G401: Use of weak cryptographic primitive

Moderate
chtakahashi published GHSA-28rc-x4fg-56m2 Nov 30, 2022

Package

No package listed

Affected versions

1.0

Patched versions

None

Description

Impact

MD2, MD4, MD5, RIPEMD-160, and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Cryptanalysis research has revealed fundamental weaknesses in these algorithms their use is not recommended in security-critical contexts.

Do not rely on MD and RIPEMD hashing algorithms for security. Effective techniques for breaking MD and RIPEMD hashes are widely available. In the case of SHA-1, current techniques still require a significant amount of computational power and are difficult to implement. However, attackers have discovered weaknesses in the algorithm and techniques for breaking it can lead to the discovery of even faster attacks.
https://vulncat.fortify.com/en/detail?id=desc.semantic.abap.weak_cryptographic_hash#Golang

References

https://dp3.atlassian.net/browse/MB-5370

For more information

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs