SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

A02 Cryptographic Failures

What this means

SiteShadow flagged cryptography usage that may be weak, outdated, or applied incorrectly for sensitive data (passwords, tokens, PII, secrets at rest/in transit).

Why it matters

Weak cryptography can lead to data exposure, tampering, or credential compromise.

Safer examples

1) Use modern password hashing (not "hash(password)")

Prefer Argon2id, scrypt, or bcrypt with appropriate cost.

from argon2 import PasswordHasher
ph = PasswordHasher()
hash = ph.hash(password)

2) Use vetted TLS and keep verification on

3) Use modern primitives and secure modes

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.