SYM_RB_0010 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-328: Use of Weak Hash |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses the SHA1 hashing algorithm, which is outdated and no longer secure due to proven vulnerabilities that allow attackers to create hash collisions. It's recommended to use stronger algorithms like SHA256 or SHA3 instead.
Impact
If SHA1 is used, attackers could exploit hash collisions to forge or tamper with data, potentially bypassing security checks or compromising sensitive information. This can lead to data breaches, authentication bypass, or other critical security failures in your application.
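The recommendation in the Description, as an added example that is not part of the original rule page or the project's own code: the flagged SHA1 pattern next to a SHA256 replacement, plus a verifier that refuses stored SHA1-length digests. Ruby is assumed from the `RB` in the rule ID (the Language field is blank); the function names and the sample manifest are hypothetical.

```ruby
require 'digest'

# Constructed sample input: a manifest whose integrity is checked by digest.
SAMPLE_MANIFEST = "name=demo-package\nversion=1.0.0\n"

# Before: the pattern this rule flags. SHA1 yields a 160-bit digest
# (40 hex characters), and collisions for it can be produced in practice.
def weak_fingerprint(data)
  Digest::SHA1.hexdigest(data)
end

# After: SHA256 yields a 256-bit digest (64 hex characters).
def strong_fingerprint(data)
  Digest::SHA256.hexdigest(data)
end

# Compare two strings without returning early on the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Verify data against a stored digest. Anything that is not a 64-character
# hex string is rejected, so a legacy SHA1 value left in a database or
# manifest cannot be accepted as proof of integrity.
def verify_fingerprint(data, expected_hex)
  expected = expected_hex.to_s.strip.downcase
  return false unless expected.match?(/\A[0-9a-f]{64}\z/)

  constant_time_equal?(strong_fingerprint(data), expected)
end

if __FILE__ == $PROGRAM_NAME
  stored = strong_fingerprint(SAMPLE_MANIFEST)
  puts "sha256 digest accepted: #{verify_fingerprint(SAMPLE_MANIFEST, stored)}"
  puts "sha1 digest accepted:   #{verify_fingerprint(SAMPLE_MANIFEST, weak_fingerprint(SAMPLE_MANIFEST))}"
end
```

When migrating, recompute stored digests from the original data with SHA256 rather than keeping a fallback path that still accepts SHA1 values.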