SYM_JAVA_0025 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-328: Use of Weak Hash |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code uses the MD5 hash algorithm, which is outdated and vulnerable to collision attacks. MD5 should not be used for hashing sensitive data or as part of cryptographic operations.
Impact
Attackers can exploit MD5's weaknesses to create different inputs that produce the same hash, potentially allowing them to bypass authentication, tamper with data, or forge digital signatures. This undermines data integrity and can expose sensitive information or compromise system security.
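Example (added here for illustration, not taken from the rule database or from any scanned project): the `MessageDigest.getInstance("MD5")` pattern this rule describes, next to a SHA-256 replacement for integrity checks and a PBKDF2 replacement for password storage. The class name, method names, sample inputs and iteration count are assumptions; `HexFormat` requires Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WeakHashExample {

    // Flagged pattern: MD5 is requested by name from the JCA provider.
    static String md5Hex(byte[] data) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return HexFormat.of().formatHex(md.digest(data));
    }

    // Replacement for integrity checks and fingerprints: SHA-256.
    static String sha256Hex(byte[] data) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return HexFormat.of().formatHex(md.digest(data));
    }

    // Replacement for password storage: a salted, iterated KDF, not a bare digest.
    // The iteration count is an assumed value; tune it to your hardware.
    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs, for demonstration only.
        byte[] sample = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        System.out.println("MD5     (flagged): " + md5Hex(sample));
        System.out.println("SHA-256 (fixed):   " + sha256Hex(sample));

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per password
        byte[] stored = pbkdf2("constructed-password".toCharArray(), salt);
        byte[] attempt = pbkdf2("constructed-password".toCharArray(), salt);
        // Compare derived keys in constant time rather than with Arrays.equals.
        System.out.println("password verifies: " + MessageDigest.isEqual(stored, attempt));
    }
}
```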