SYM_PY_0011 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses insecure hash functions like MD4 or MD5, which are outdated and have known vulnerabilities. These algorithms should not be used for hashing sensitive data or for security-related purposes.
Impact
Attackers can exploit weaknesses in MD4 or MD5 to create hash collisions, allowing them to tamper with data, forge signatures, or bypass authentication. This can lead to unauthorized access, data breaches, or loss of data integrity.
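One way to detect the pattern this rule describes, as an added example (not the Symbiotic rule's own implementation): a Python `ast` pass that flags `hashlib` MD4/MD5 calls, including aliased imports and `hashlib.new()` with a literal algorithm name. The function name `find_weak_hashes` and the sample source are constructed for illustration; Python is assumed from the `PY` in the rule ID.

```python
import ast

WEAK = {"md4", "md5"}  # algorithms named in this rule's description

def find_weak_hashes(source):
    """Return sorted (line, algorithm) pairs for hashlib MD4/MD5 calls."""
    tree = ast.parse(source)
    modules, direct = set(), {}  # aliases of hashlib / of names imported from it
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "hashlib")
        elif isinstance(node, ast.ImportFrom) and node.module == "hashlib":
            direct.update({a.asname or a.name: a.name for a in node.names})
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func, name = node.func, ""
        if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                and func.value.id in modules):
            name = func.attr              # hashlib.md5(...), h.new(...)
        elif isinstance(func, ast.Name) and func.id in direct:
            name = direct[func.id]        # from hashlib import md5 as x
        if name.lower() in WEAK:
            findings.append((node.lineno, name.lower()))
        elif name == "new":               # hashlib.new("md4") / new(name="md5")
            cands = node.args[:1] + [k.value for k in node.keywords if k.arg == "name"]
            for c in cands:
                if (isinstance(c, ast.Constant) and isinstance(c.value, str)
                        and c.value.lower() in WEAK):
                    findings.append((node.lineno, c.value.lower()))
    return sorted(findings)

# Constructed sample input (not taken from any real code base).
SAMPLE = '''\
import hashlib
import hashlib as h
from hashlib import md5 as fast_hash, sha256

a = hashlib.md5(b"data").hexdigest()
b = h.new("MD4", b"data")
c = fast_hash(b"data")
d = sha256(b"data")
e = hashlib.new(name="md5")
'''

if __name__ == "__main__":
    for line, algo in find_weak_hashes(SAMPLE):
        print(f"line {line}: {algo} is a broken hash (CWE-327)")
```

Algorithm names built at runtime (for example read from configuration) are not literals and are outside what this static pass can see.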