SYM_JAVA_0105 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-328: Use of Weak Hash |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code uses the SHA-1 hashing algorithm, which is outdated and no longer considered secure because it is vulnerable to collisions. Applications should use stronger algorithms like SHA-256, SHA-512, or a dedicated password hashing function such as PBKDF2.
Impact
If SHA-1 is used for hashing sensitive data or digital signatures, attackers could exploit its weaknesses to generate collisions, potentially allowing unauthorized access, data tampering, or impersonation. This can lead to data breaches and loss of data integrity, and can undermine trust in the application's security.