react-native-fs
Hash Generated Using Broken Cryptography API (SHA1)
Severity: Medium Exploitability: Difficult CVSS: 4.0
The following code locations within the App use 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' functions to generate a message digest:
-[RNFSManager hash:algorithm:resolver:rejecter:] calls _CC_SHA1()
The vulnerable code locations use the 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' hashing functions, which leverage hashing algorithms that are proven to be vulnerable to collision attacks, and are unsuitable for modern use.
Apple officially considers this algorithm insecure. They state in the iOS 13 CryptoKit documentation:
This hash algorithm isn't considered cryptographically secure, but is provided for backward compatibility with older services that require it. For new services, prefer one of the secure hashes, like SHA512.
Recommendation: Switch each usage of these outdated hashing functions to use a stronger algorithm with better collision resistance properties, such as SHA-256 or SHA-512.
Stack Trace: The following related source code symbols were identified:
- [RNFSManager read:length:position:resolver:rejecter:]
- [RNFSManager __rct_export__3009]
- [RNFSManager readFile:resolver:rejecter:]
@"EISDIR: illegal operation on a directory, read"
@"ENOENT: no such file or directory, open '%@'"
@"Invalid hash algorithm '%@'"
Analysis: Tracking this down, I found the vulnerable code inside the RNFSManager.m file.