SYM_PY_0254 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code uses the MD5 hash algorithm, which is outdated and insecure due to known vulnerabilities. MD5 is not collision-resistant: attackers can create different data with the same hash value.
Impact
If MD5 is used for password hashing, data-integrity checks, or digital signatures, attackers could forge data or gain unauthorized access by exploiting hash collisions. This puts sensitive data and authentication mechanisms at risk, potentially leading to data breaches or compromised systems.
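The flagged pattern next to replacements for two of the uses named above (integrity checks and password storage), as an added example that is not part of the original wiki entry. All function names are hypothetical, and the PBKDF2 iteration count is an assumed work factor.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def md5_fingerprint(data: bytes) -> str:
    """Flagged pattern: an MD5 digest used as a security check."""
    return hashlib.md5(data).hexdigest()


def sha256_fingerprint(data: bytes) -> str:
    """Replacement for integrity checks: a collision-resistant digest."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare digests in constant time; accept upper- or lower-case hex."""
    actual = sha256_fingerprint(data).encode()
    expected = expected_hex.strip().lower().encode()
    # compare_digest on bytes returns False for any mismatch, including length
    return hmac.compare_digest(actual, expected)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Replacement for password storage: salted, deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)
```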