Deprecated Hash Function

3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: November 30   (RSS)


After a recent PT where our web-app was tested we got some security remediation.

Deprecated Hash Function: Both the SHA-1 and MD5 methods are deprecated, and should no longer be used for hashing.

Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management. Store passwords using strong adaptive and salted hashing functions with a work factor (delay factor), such as Argon2, scrypt, bcrypt or PBKDF2.

Is there any plan to replace the hash function in the cmsb/membership?

Thank you Dave, I'll go up to the version 3.72.