Examples of errors detected by the V5314 diagnostic
V5314. OWASP. Use of an outdated hash algorithm is not recommended.
DBeaver
V5314. Use of the 'MD5' hash algorithm is not recommended. Such code may cause the exposure of sensitive data. EditConnectionWizard.java 330
/**
 * Prompts for a password and checks it against the hash returned by
 * {@code dataSource.getLockPasswordHash()}.
 *
 * <p>This is the analyzer's excerpt of EditConnectionWizard.java; call arguments
 * are elided as {@code ....} and the {@code // <=} marker points at the line
 * V5314 reports.
 *
 * <p>Security note: the check hashes the entered password with a single MD5
 * digest call, and no salt or iteration count is visible in this excerpt.
 * MD5 is fast to compute and has long been considered unsuitable for
 * protecting passwords, so anyone who can read the stored hash can test
 * password guesses offline at very high speed. A password hashing function
 * with a per-entry salt and a tunable work factor (for example PBKDF2 via
 * {@code SecretKeyFactory}, or bcrypt/scrypt/Argon2 from a vetted library) is
 * the usual replacement. Changing the algorithm also requires re-hashing or
 * versioning the stored values, which were presumably produced with MD5.
 * Confirm where {@code getLockPasswordHash()} is written before migrating.
 *
 * @return {@code true} only when the lower-cased hex digest of the entered
 *         password equals the stored hash; {@code false} when the dialog is
 *         not confirmed, the password is empty, the hashes differ, or any
 *         exception is thrown
 */
private boolean checkLockPassword() {
    BaseAuthDialog dialog = new BaseAuthDialog(....);
    // Anything other than OK falls through to "return false" below.
    if (dialog.open() == IDialogConstants.OK_ID) {
        final String userPassword = dialog.getUserPassword();
        // An empty password is never hashed or compared; it is treated as a failed check.
        if (!CommonUtils.isEmpty(userPassword)) {
            try {
                // Flagged by V5314: one MD5 digest over the password bytes, with no salt
                // mixed in at this call site.
                final byte[]
                md5hash = MessageDigest.getInstance("MD5") // <=
                .digest(userPassword.getBytes(....));
                // The digest is rendered with CommonUtils.toHexString, lower-cased with a
                // fixed locale and trimmed, so the stored value is expected in that form.
                final String hexString = CommonUtils.toHexString(md5hash)
                .toLowerCase(Locale.ENGLISH)
                .trim();
                if (hexString.equals(dataSource.getLockPasswordHash())) {
                    return true;
                }
                // Reached only on a mismatch.
                UIUtils.showMessageBox(....);
            } catch (Throwable e) {
                // Any failure (including an unavailable algorithm) is reported to the user
                // and then falls through to "return false", so the check fails closed.
                DBWorkbench.getPlatformUI().showError(....);
            }
        }
    }
    return false;
}