Metadata

ID: javascript-node-security/avoid-crypto-sha1

Language: JavaScript

Severity: Warning

Category: Security

CWE: 328

Related CWEs:

• 916

Description

Use of insecure encryption or hashing protocols expose your application to vulnerabilities.

Learn More

• JS Crypto Library

Non-Compliant Code Examples

var hash = CryptoJS.HmacSHA1("Message", "Secret Passphrase");
var hash = CryptoJS.HmacSHA1("Message", "Secret Passphrase", anotherargument);

Compliant Code Examples

// Safe: using HmacSHA256 instead of HmacSHA1
var hash = CryptoJS.HmacSHA256("Message", "Secret Passphrase");