The updateUserFields method in Model.php updates the user password in the DB using MD5 encryption. SonarQube raises a security hotspot on this with the message:
Make sure this weak hash algorithm is not used in a sensitive context here.
Suggested fix from SonarQube:
Safer alternatives, such as SHA-256, SHA-512, SHA-3 are recommended, and for password hashing, it's even better to use algorithms that do not compute too "quickly", like bcrypt, scrypt, argon2 or pbkdf2 because it slows down brute force attacks.
Hi @tw-mk. Thanks for creating this issue. Actually, only the token_auth should be created using md5. But in the database, the token_auth as well as the password should be stored using sha512.
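To illustrate the SonarQube recommendation quoted in the issue, here is an added example (not Matomo's code and not from either poster) of storing passwords with a slow algorithm and upgrading a stored bare MD5 digest at the next successful login. The function names, the cost value and the in-memory `$users` array are assumptions made for the illustration.

```php
<?php
// Added example, not Matomo code. All names below are hypothetical.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune per host

/** Hash a new password with a deliberately slow, salted algorithm. */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

/** True if the stored value is a bare 32-character hex MD5 digest. */
function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/', $stored) === 1;
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacementHash]; the replacement is set
 * when the stored value should be rewritten (legacy MD5 or outdated cost).
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison of the legacy digest.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? hashPassword($password) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    return [$ok, $stale ? hashPassword($password) : null];
}

// Constructed sample data: one account still stored as unsalted MD5.
$users = ['alice' => md5('correct horse battery staple')];

[$ok, $replacement] = verifyAndUpgrade('correct horse battery staple', $users['alice']);
if ($ok && $replacement !== null) {
    $users['alice'] = $replacement; // persist the bcrypt hash instead of MD5
}

[$wrong] = verifyAndUpgrade('guess', $users['alice']);
var_dump($ok, isLegacyMd5($users['alice']), $wrong);
```

Accounts that never log in again keep their MD5 digest under this approach, so a real migration also needs a plan for those rows, such as forcing a reset.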