SYM_JAVA_0109 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-328: Use of Weak Hash |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code uses the MD5 hashing algorithm, which is outdated and insecure for cryptographic purposes. MD5 is vulnerable to collisions, making it unsuitable for securely hashing sensitive data or generating digital signatures.
Impact
Attackers could exploit MD5's weaknesses to generate the same hash for different inputs, allowing them to tamper with data or bypass integrity checks. This can lead to data breaches, unauthorized access, or the compromise of authentication mechanisms in your application.
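The pattern described above next to a replacement, as an added example (not code from the Symbiotic database or its rule). The class name, method names and sample payloads are constructed for illustration, and SHA-256 is assumed as the replacement algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestExample {

    // Weak pattern: MD5 is collision-prone, so two different inputs
    // can be made to share the same digest.
    static byte[] weakDigest(byte[] data) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(data);
    }

    // Replacement: SHA-256, a standard JDK algorithm with no known
    // practical collision attack.
    static byte[] strongDigest(byte[] data) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Integrity check: recompute the digest and compare it with the trusted
    // value. MessageDigest.isEqual compares in constant time, so the check
    // does not leak how many leading bytes matched.
    static boolean verify(byte[] data, byte[] expected) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(strongDigest(data), expected);
    }

    // Lowercase hex encoding for display.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample payloads, not taken from the page.
        byte[] original = "amount=100;to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "amount=900;to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] trusted = strongDigest(original);

        System.out.println("MD5     (128-bit): " + hex(weakDigest(original)));
        System.out.println("SHA-256 (256-bit): " + hex(trusted));
        System.out.println("original verifies: " + verify(original, trusted));
        System.out.println("tampered verifies: " + verify(tampered, trusted));
    }
}
```

A plain SHA-256 digest covers integrity checks; password storage needs a salted, deliberately slow key-derivation function such as the JDK's `PBKDF2WithHmacSHA256` via `SecretKeyFactory`.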