Critical

SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

  • Vulnerability
  • - Critical

Rule description

  • SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

 

Non-compliant Code Example 

DECLARE @hashText nvarchar(32);  
SET @hashText = CONVERT(nvarchar(32),'asffafffsdfasdaffs%knhtu76sdfasdfafff');  
SELECT HASHBYTES('SHA1', @hashText); --Non compliant code (SHA-1 and Message-Digest hash algorithms should not be used in secure contexts)

GO

DECLARE @hashText nvarchar(32);  
SET @hashText = CONVERT(nvarchar(32),'asffaffffasdfaadfs%knhtu76sdfasdfafff');  
SELECT HASHBYTES('MD5', @hashText); --Non compliant code (SHA-1 and Message-Digest hash algorithms should not be used in secure contexts)

GO
Visual Expert 2020
 VETSQLRULE59