Back to Codebase

Vulnerability Analysis Report

Drupal Core v2.0

Scan ID: SCAN-DRUPAL-CORE-uXgd14 • Hash: 46771d1f

Severity Score
Medium
Total Findings
2
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.1s

Vulnerability Details

L349

Weak Cryptographic Hash (MD5) in account.php

CWE-327
File Location: account.php:349
Security Score:
32 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L311

Weak Cryptographic Hash (MD5) in account.php

CWE-327
File Location: account.php:311
Security Score:
30 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = substr(md5("$userid. ". time() .""), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing