SYM_JAVA_0023 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code uses the SHA-1 hashing algorithm, which is no longer secure due to known weaknesses that allow attackers to create hash collisions. Using SHA-1 for cryptographic purposes can lead to compromised data integrity and authentication.
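The flagged pattern beside a corrected form, as an added example that is not taken from the rule or from the Symbiotic project. The class name, method names and sample data are hypothetical and constructed for illustration. It covers both uses named in the description: an unkeyed digest for integrity and a keyed HMAC for authentication.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DigestExample {

    // Flagged pattern: SHA-1 is requested by name from the JCA provider.
    static byte[] sha1Digest(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(data);
    }

    // Corrected pattern for integrity checks: SHA-256 (SHA-2 family).
    static byte[] sha256Digest(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Corrected pattern for authentication: a keyed MAC, not a bare hash.
    static byte[] hmacSha256(byte[] key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // MessageDigest.isEqual examines every byte, so the comparison time
    // does not reveal how many leading bytes matched.
    static boolean verifyTag(byte[] key, byte[] data, byte[] expectedTag)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hmacSha256(key, data), expectedTag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs; a real key comes from a key store.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] original = "amount=100;to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "amount=900;to=alice".getBytes(StandardCharsets.UTF_8);

        byte[] tag = hmacSha256(key, original);
        System.out.println("SHA-1 length (bytes):   " + sha1Digest(original).length);
        System.out.println("SHA-256 length (bytes): " + sha256Digest(original).length);
        System.out.println("original verifies: " + verifyTag(key, original, tag));
        System.out.println("tampered verifies: " + verifyTag(key, tampered, tag));
    }
}
```

Stored SHA-1 values cannot be converted in place: the SHA-256 digest or HMAC tag has to be recomputed from the original data when moving off SHA-1.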
Impact
An attacker could exploit SHA-1's weaknesses to forge digital signatures, tamper with files, or bypass authentication checks, leading to potential data breaches, unauthorized access, or loss of trust in the application's security. This can result in sensitive data exposure and legal or reputational damage.