Hello Sir,
We are raising this ticket based on observations from our Security Team regarding the usage of MD5 and CBC algorithms in the current implementation.
During our verification, we identified references using the following command:
grep -r "MD5|md5|PBEWith|AES-CBC" build/
We also noticed that MD5 is being used for user identity hashing in version 4.0.0 and below.
As MD5 and CBC are considered outdated from a security perspective, could you please review the possibility of upgrading to more secure algorithms such as SHA-256 and stronger encryption standards? This enhancement would help us address and close the reported security findings from the VAPT assessment.
Please let us know if any additional information is required from our side.
Thank you for your support.
Hello Sir,
We are raising this ticket based on observations from our Security Team regarding the usage of MD5 and CBC algorithms in the current implementation.
During our verification, we identified references using the following command:
grep -r "MD5|md5|PBEWith|AES-CBC" build/
We also noticed that MD5 is being used for user identity hashing in version 4.0.0 and below.
As MD5 and CBC are considered outdated from a security perspective, could you please review the possibility of upgrading to more secure algorithms such as SHA-256 and stronger encryption standards? This enhancement would help us address and close the reported security findings from the VAPT assessment.
Please let us know if any additional information is required from our side.
Thank you for your support.