SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

C02 Weak Cryptography

What this means

SiteShadow flagged cryptographic choices that are weak, deprecated, or easy to misuse (weak hashes for passwords, insecure algorithms/modes, or DIY crypto).

Why it matters

Weak crypto can be broken or bypassed, exposing sensitive data.

Safer examples

1) Hash passwords with Argon2id/scrypt/bcrypt (not a generic hash)

from argon2 import PasswordHasher
ph = PasswordHasher()
stored = ph.hash(password)

2) Use modern encryption defaults (via libraries)

Prefer library-provided, authenticated encryption modes (AES-GCM / ChaCha20-Poly1305) rather than implementing crypto yourself.

3) Avoid hardcoded keys and predictable salts

Store keys in a secret manager/HSM; generate salts per-password; rotate keys.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.