Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.
普遍性
高
频繁被利用
影响
高
3 条严重级别为高的规则
预防
已记录
4 个修复示例
2 预防
2 预防
如何修复此漏洞
基于 4 条 Shoulder 检测规则的 Broken Cryptographic Algorithm 预防策略。
Go
查看全部 Go 详情 →
Use of Weak Cryptographic Algorithm
HIGH
Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM
- import "crypto/md5" - - func hashPassword(password string) string { - hash := md5.Sum([]byte(password)) - return hex.EncodeToString(hash[:]) + import "golang.org/x/crypto/bcrypt" + + func hashPassword(password string) (string, error) { + hash, err := bcrypt.GenerateFromPassword([]byte(password), 12) + if err != nil { + return "", err + } + return string(hash), nil }
JavaScript
查看全部 JavaScript 详情 →
JWT Algorithm Confusion Attack
HIGH
Always specify allowed algorithms when verifying JWT tokens
- const decoded = jwt.verify(token, secret); + const decoded = jwt.verify(token, secret, { + algorithms: ['RS256'] + });
Use of Weak Cryptographic Algorithm
HIGH
Use SHA-256+ for hashing, AES-256-GCM for encryption, and bcrypt for passwords
- const hash = crypto.createHash('md5').update(data).digest('hex'); + const hash = crypto.createHash('sha256').update(data).digest('hex');
Python
查看全部 Python 详情 →
Weak Cryptographic Algorithm
MEDIUM
Replace MD5/SHA-1/DES/RC4 with SHA-256/SHA-3 for hashing and AES-GCM for encryption
import hashlib def verify_integrity(data): - return hashlib.md5(data.encode()).hexdigest() + return hashlib.sha256(data.encode()).hexdigest()
3 检测
3 检测
查找代码中的漏洞
使用Shoulder扫描代码中的Use of a Broken or Risky Cryptographic Algorithm模式。 4 规则.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=327 # Or scan entire project npx @shoulderdev/cli trust .
检测规则 (4)
🟨
Javascript
2 rules
JWT Algorithm Confusion Attack
HIGH
Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
Use of Weak Cryptographic Algorithm
HIGH
Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.
**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities
**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
🔷
Typescript
2 rules
JWT Algorithm Confusion Attack
HIGH
Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
Use of Weak Cryptographic Algorithm
HIGH
Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.
**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities
**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
🐹
Go
1 rules
4 警告信号
4 警告信号
代码审查中需要关注的内容
这些模式表明潜在的Use of a Broken or Risky Cryptographic Algorithm漏洞。在代码审查和安全审计中注意查找。
Weak cryptographic algorithm detected: ...
go-weak-crypto-algorithm
jwt.verify() without algorithm specification allows 'none' algorithm attack
javascript-jwt-algorithm-confusion
JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that by
javascript-jwt-algorithm-confusion
use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data
javascript-weak-crypto-algorithm
use of weak or deprecated cryptographic algorithms like MD5, SHA-1,
DES, or RC4
python-weak-crypto-algorithm
扫描你的代码库: Use of a Broken or Risky Cryptographic Algorithm
Shoulder CLI 在整个代码库中找到易受攻击的模式。