SYM_PY_0162 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses the SHA1 hash algorithm, which is outdated and no longer secure for cryptographic purposes. SHA1 can be broken by attackers, making it unsafe for hashing sensitive data or creating digital signatures.
Impact
If an attacker exploits weaknesses in SHA1, they could create forged data or signatures that appear valid, leading to data breaches, integrity failures, or unauthorized access. This puts sensitive information, user authentication, and the application's reputation at risk.
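The following added example (not the project's own rule or code) shows one way to locate SHA1 use in a code base so it can be replaced with SHA-256. It assumes the flagged code is Python using the standard `hashlib` module, since the page leaves the Language field empty; `find_sha1_calls` and `SAMPLE` are hypothetical names, and the sample source is constructed.

```python
import ast

# Constructed sample source: three SHA1 call styles plus a SHA-256 replacement.
SAMPLE = '''
import hashlib
from hashlib import sha1

def weak_digest(data):
    return hashlib.sha1(data).hexdigest()

def weak_digest_by_name(data):
    return hashlib.new("SHA1", data).hexdigest()

def weak_digest_imported(data):
    return sha1(data).hexdigest()

def strong_digest(data):
    return hashlib.sha256(data).hexdigest()
'''


def find_sha1_calls(source):
    """Return sorted (line, description) pairs for SHA1 constructor calls."""
    tree = ast.parse(source)
    # Local names bound by "from hashlib import sha1 [as x]".
    aliases = {
        alias.asname or alias.name
        for node in ast.walk(tree)
        if isinstance(node, ast.ImportFrom) and node.module == "hashlib"
        for alias in node.names
        if alias.name == "sha1"
    }
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in aliases:
            findings.append((node.lineno, "sha1 imported from hashlib"))
        elif (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
              and func.value.id == "hashlib"):
            first = node.args[0] if node.args else None
            if func.attr == "sha1":
                findings.append((node.lineno, "hashlib.sha1"))
            elif (func.attr == "new" and isinstance(first, ast.Constant)
                  and str(first.value).lower() == "sha1"):
                findings.append((node.lineno, "hashlib.new(%r)" % first.value))
    return sorted(findings)
```

This sketch does not follow `import hashlib as h` or algorithm names passed through variables, so a clean result is not proof that SHA1 is absent.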