Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage of MD5 flagged as vulnerability in mobile penetration testing #2116

Open
3 tasks done
kmaschke85 opened this issue Jul 28, 2023 · 0 comments
Open
3 tasks done

Usage of MD5 flagged as vulnerability in mobile penetration testing #2116

kmaschke85 opened this issue Jul 28, 2023 · 0 comments
Labels
v8

Comments

@kmaschke85
Copy link

kmaschke85 commented Jul 28, 2023
edited
Loading

Check List

Thanks for considering to open an issue. Before you submit your issue, please confirm these boxes are checked.

Issue Description

What

Our app has to pass mobile penetration testing and during scanning our code base, Kingfisher was flagged as being vulnerable because of using MD5.

Reproduce

Integrate Kingfisher into an iOS project via Cocoapods and use MobSF to scan the code base.
Bildschirmfoto 2023-07-28 um 12 12 50

Other Comment

Should be simple to replace MD5 with SHA256 provided by CryptoKit, but minimum iOS version would need to be bumped to 13.0.
kmaschke85 pushed a commit to limeade/Kingfisher that referenced this issue Jul 28, 2023
Replaced MD5 with SHA256 onevcat#2116
0e28b19
@kmaschke85 kmaschke85 mentioned this issue Jul 28, 2023
Merged
@onevcat onevcat added the v8 label Oct 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v8
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@onevcat @kmaschke85