SYM_JAVA_0085 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Use of a Broken or Risky Cryptographic Algorithm

| Property | Value |
|---|---|
| Language | java |
| Severity | high |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |

Description

The code uses MD5 to hash passwords. This is insecure because MD5 is fast to compute, which makes brute-force guessing of leaked hashes cheap, and because it is vulnerable to collision attacks. A modern, deliberately slow password hashing algorithm such as bcrypt or PBKDF2 should be used instead to better protect user credentials.

Impact

If attackers obtain hashed passwords, they can quickly crack them due to MD5's weaknesses, leading to account takeovers, data breaches, and potential compromise of other services where users may reuse passwords. This puts both user data and organizational security at significant risk.