SYM_PY_0250 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses the MD2 hash algorithm, which is outdated and no longer secure due to known weaknesses. MD2 is vulnerable to collisions, making it unsafe for hashing sensitive data or verifying integrity.
Impact
Attackers could exploit MD2's weaknesses to forge data or signatures, potentially leading to unauthorized access, data tampering, or exposure of sensitive information. This puts both application security and user data at risk.