SYM_GO_0014 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
MD5 is being used to hash passwords. MD5 is a weak, outdated algorithm, and attackers can easily crack passwords hashed with it. Passwords should be hashed with a secure algorithm such as bcrypt.
Impact
If attackers breach your password database, they can quickly recover user passwords due to MD5's vulnerabilities. This can lead to account takeovers, data breaches, and loss of user trust in your application.
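The pattern from the Description, as an added example (not part of the original wiki page and not Symbiotic's rule implementation): a small detector built on Go's standard `go/parser` and `go/ast` packages that reports calls into `crypto/md5`. The function name `FindMD5Calls` and the embedded sample source are constructed for illustration; the sample places the MD5 password hash next to the bcrypt replacement from `golang.org/x/crypto/bcrypt`.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample input: hashLegacy is the flagged pattern, hashSafe the bcrypt fix.
const sampleSrc = `package auth
import (
	"crypto/md5"
	"fmt"
	"golang.org/x/crypto/bcrypt"
)
func hashLegacy(pw string) string { return fmt.Sprintf("%x", md5.Sum([]byte(pw))) }
func hashSafe(pw []byte) ([]byte, error) { return bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost) }
`

// FindMD5Calls lists "line: call" for each crypto/md5 call, honouring import aliases.
func FindMD5Calls(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name crypto/md5 is bound to in this file
	for _, imp := range file.Imports {
		if imp.Path.Value == `"crypto/md5"` {
			if local = "md5"; imp.Name != nil {
				local = imp.Name.Name
			}
		}
	}
	var hits []string
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok {
				if x, ok := sel.X.(*ast.Ident); ok && x.Name == local {
					hits = append(hits, fmt.Sprintf("%d: %s.%s", fset.Position(call.Pos()).Line, local, sel.Sel.Name))
				}
			}
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(FindMD5Calls(sampleSrc)) }
```

The detector reports every `crypto/md5` call; whether the hashed value is a password still needs a reviewer's judgement.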