You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST, is one in your project:
PluggableParameterOperatorDigest uses MD5 as a parameter to java.security.MessageDigest. By now, it is possible to have collisions with MD5 and are not considered secure any longer. Therefore, one should not use MD5 anymore in a security context like password storage, token generation, or computation integrity. This misuse is also considered problematic by industry tools like SonarSource.
We hope that this information helps you and to hear back from you
The text was updated successfully, but these errors were encountered:
I am reaching out to you as we conducted an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub. During our study, we randomly inspected a few of the misuses. One of the misuses for which we could confirm the finding of the analysis, CogniCryptSAST, is one in your project:
We hope that this information helps you and to hear back from you
The text was updated successfully, but these errors were encountered: