SYM_PHP_0025 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | High |
Description
MD5 is being used to hash user passwords, but MD5 is outdated and no longer secure for this purpose. Attackers can easily crack MD5 hashes using modern hardware and tools.
Impact
If exploited, attackers could quickly recover user passwords from stolen MD5 hashes, leading to account takeovers, data breaches, and potential unauthorized access to sensitive information within the application.
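The pattern described above next to its replacement, as an added example that is not taken from the rule or from any project's code: MD5 password hashing beside PHP's built-in `password_hash()` / `password_verify()`, with legacy hashes upgraded at login. The function names and the assumption that legacy values are stored as bare 32-character hex digests are hypothetical.

```php
<?php
declare(strict_types=1);

// Flagged pattern: unsalted, fast MD5 digest stored as the password hash.
function legacy_hash(string $password): string
{
    return md5($password);
}

// Replacement: password_hash() generates a per-hash salt and uses a
// deliberately slow algorithm selected by PASSWORD_DEFAULT.
function secure_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Verify a login against a stored value that may still be legacy MD5.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
 * caller should overwrite the stored value with it.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // Assumption: legacy rows are exactly 32 hex characters.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        // Constant-time comparison of the stored digest and the candidate.
        $ok = hash_equals(strtolower($stored), md5($password));
        // Only a successful login yields the plaintext needed to re-hash.
        return [$ok, $ok ? secure_hash($password) : null];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Re-hash when the default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? secure_hash($password)
        : null;
    return [true, $new];
}

// Constructed sample data, not from a real system.
$stored = legacy_hash('correct horse battery staple');
[$ok, $upgraded] = verify_and_upgrade('correct horse battery staple', $stored);
var_dump($ok, $upgraded !== null && password_verify('correct horse battery staple', $upgraded));

[$ok, $upgraded] = verify_and_upgrade('wrong guess', $stored);
var_dump($ok, $upgraded);
```

Accounts that never log in again keep their MD5 digest under this scheme, so those rows still need a forced reset or expiry.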