SYM_JAVA_0120 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-328: Use of Weak Hash |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code uses the MD5 hashing algorithm, which is outdated and insecure because it is vulnerable to collisions. This means attackers can create different inputs that produce the same hash value, making MD5 unsuitable for protecting sensitive data or verifying integrity.
Impact
If MD5 is used for hashing passwords, signatures, or sensitive data, attackers could forge data or bypass authentication by exploiting hash collisions. This can lead to data breaches, unauthorized access, and loss of trust in the application's security.
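The flagged pattern next to replacements for the two uses named above, integrity fingerprints and password hashing. This is an added example, not code from the rule database; the class and method names are hypothetical, the inputs are constructed, the PBKDF2 iteration count is an example value, and `HexFormat` assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example; class and method names are hypothetical.
public class WeakHashExample {
    // Flagged pattern: MD5 digest used as an integrity fingerprint.
    static String md5Fingerprint(byte[] data) throws GeneralSecurityException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("MD5").digest(data));
    }

    // Integrity replacement: SHA-256 has no known practical collisions.
    static String sha256Fingerprint(byte[] data) throws GeneralSecurityException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    // Password replacement: salted, iterated PBKDF2 rather than any bare digest.
    // The iteration count is an example value; tune it for your hardware.
    static byte[] hashPassword(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // MessageDigest.isEqual compares in constant time.
    static boolean verifyPassword(char[] password, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hashPassword(password, salt), stored);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        System.out.println("MD5 (flagged): " + md5Fingerprint(data));
        System.out.println("SHA-256:       " + sha256Fingerprint(data));
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hashPassword("constructed-password".toCharArray(), salt);
        System.out.println(verifyPassword("constructed-password".toCharArray(), salt, stored));
        System.out.println(verifyPassword("wrong-guess".toCharArray(), salt, stored));
    }
}
```

Store the salt alongside the derived hash so that verification can recompute it.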