From 5e0f7452a7df583f4c1e5ae8b514ba61714dc6e8 Mon Sep 17 00:00:00 2001
From: maryamsaleem <maryamsaleem874@gmail.com>
Date: Thu, 6 Feb 2025 15:11:27 +0500
Subject: [PATCH] use if sha256 instead md5

---
 server/util-server.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/util-server.js b/server/util-server.js
index 4534b9198..64446e8e6 100644
--- a/server/util-server.js
+++ b/server/util-server.js
@@ -372,9 +372,9 @@ exports.constructAuthorizedRequest = function (request, username, password, prox
         nonce: proxyAuthenticateHeader.nonce.replace(/"/g, ""),
     };
     // Construct Digest authentication header manually
-    const ha1 = crypto.createHash("md5").update(`${username}:${digestChallenge.realm}:${password}`).digest("hex");
-    const ha2 = crypto.createHash("md5").update(`${request.method}:${request.uri}`).digest("hex");
-    const response = crypto.createHash("md5").update(`${ha1}:${digestChallenge.nonce}:${ha2}`).digest("hex");
+    const ha1 = crypto.createHash("sha256").update(`${username}:${digestChallenge.realm}:${password}`).digest("hex");
+    const ha2 = crypto.createHash("sha256").update(`${request.method}:${request.uri}`).digest("hex");
+    const response = crypto.createHash("sha256").update(`${ha1}:${digestChallenge.nonce}:${ha2}`).digest("hex");
     const authorizationHeader = `Digest username="${username}", realm="${digestChallenge.realm}", nonce="${digestChallenge.nonce}", uri="${request.uri}", response="${response}"`;
     const authorizedRequest = {
         ...request,