SYM_RB_0016 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Weak Hash
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-328: Use of Weak Hash |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Low |
Description
The code uses the MD5 hashing algorithm, which is outdated and vulnerable to brute-force and collision attacks. MD5 should not be used for hashing sensitive data or security-critical operations.
Impact
Attackers can exploit MD5's weaknesses to generate matching hashes for different inputs, potentially allowing them to bypass authentication, tamper with data, or forge digital signatures. This puts sensitive information and system integrity at serious risk.
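The flagged pattern next to replacements, as an added example that is not part of the rule's own documentation. It is written in Ruby on the assumption that "RB" in the rule identifier denotes Ruby; the function names, the record layout and the iteration count are all constructed for illustration.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Flagged pattern: MD5 used as a security-relevant digest.
def weak_fingerprint(data)
  Digest::MD5.hexdigest(data)
end

# Corrected form for integrity checks: SHA-256.
def fingerprint(data)
  Digest::SHA256.hexdigest(data)
end

# Compare digests in constant time so the check does not leak a prefix match.
def fingerprint_matches?(data, expected_hex)
  OpenSSL.secure_compare(fingerprint(data), expected_hex.downcase)
end

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your hardware.
PBKDF2_ITERATIONS = 600_000

# Corrected form for passwords: salted, iterated KDF instead of one fast hash.
# Record layout (constructed here): scheme$iterations$salt_hex$key_hex
def hash_password(password, iterations: PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new('SHA256'))
  ['pbkdf2_sha256', iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

def verify_password(password, record)
  scheme, iterations, salt_hex, key_hex = record.split('$')
  return false unless scheme == 'pbkdf2_sha256' && key_hex && iterations.to_i.positive?
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, [salt_hex].pack('H*'), iterations.to_i, 32,
                                   OpenSSL::Digest.new('SHA256'))
  OpenSSL.secure_compare(key.unpack1('H*'), key_hex)
end

# Heuristic for migration audits: a bare 32-hex-digit value is MD5-sized.
def legacy_md5?(stored)
  stored.match?(/\A\h{32}\z/)
end
```

`legacy_md5?` only checks the shape of a stored value, so treat a match as a candidate for review rather than proof that MD5 produced it.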