SYM_PY_0053 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | High |
Description
The code uses the MD5 algorithm to hash passwords. MD5 is outdated and weak, making hashed passwords easy for attackers to crack using modern hardware.
Impact
If exploited, attackers could quickly recover user passwords from leaked or stolen hashes, leading to account compromise, unauthorized access, and potential data breaches affecting your users and organization.