Back to Codebase
Vulnerability Analysis Report
Drupal Core v2.0
Scan ID: SCAN-DRUPAL-CORE-uXgd14 • Hash: 46771d1f
Severity Score
Medium
Total Findings
2
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.1s
Vulnerability Details
L349
Weak Cryptographic Hash (MD5) in account.php
CWE-327
File Location:
account.php:349
Security Score:
32 / 100
Potential False Positive
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L311
Weak Cryptographic Hash (MD5) in account.php
CWE-327
File Location:
account.php:311
Security Score:
30 / 100
Potential False Positive
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- $hash = substr(md5("$userid. ". time() .""), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing