CWE-326 | Hawk.js Contains Weak Hash Algorithm 

### Summary
The hawk.js accepts SHA-1 credentials for authentication which is no longer considered cryptographically secure. With enough resources, an attacker might be able to crack the authentication mechanism and disclose sensitive information from the application.

### Simplest Example to Reproduce
```js
if (['sha1', 'sha256'].indexOf(credentials.algorithm) === -1) {
    return ''
}

```

### Possible Solution
```js
if (credentials.algorithm !== 'sha256') {
    return ''
}
```

### Context
This issue has been created as part of our SCA vulnerability remediation efforts.

### Your Environment
The Cypress package is used for UAT automation in our Gitlab pipelines.

`@cypress/request : 3.0.5`


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CWE-326 | Hawk.js Contains Weak Hash Algorithm #75

Summary

Simplest Example to Reproduce

Possible Solution

Context

Your Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CWE-326 | Hawk.js Contains Weak Hash Algorithm #75

Description

Summary

Simplest Example to Reproduce

Possible Solution

Context

Your Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions