Back to Codebase
Vulnerability Analysis Report
Drupal Core v1.0
Scan ID: SCAN-DRUPAL-CORE-xlXKGH • Hash: 44a2e080
Severity Score
Medium
Total Findings
2
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.757s
Vulnerability Details
L383
Weak Cryptographic Hash (MD5) in account.php
CWE-327
File Location:
account.php:383
Security Score:
38 / 100
Potential False Positive
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L346
Weak Cryptographic Hash (MD5) in account.php
CWE-327
File Location:
account.php:346
Security Score:
32 / 100
Potential False Positive
Rule Engine Warning
Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.
Heuristics Diff
- $hash = substr(md5("$userid. ". time() .""), 0, 12);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing