Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	High

Description

MD5 is being used to hash user passwords, but MD5 is outdated and no longer secure for this purpose. Attackers can easily crack MD5 hashes using modern hardware and tools.

Impact

If exploited, attackers could quickly recover user passwords from stolen MD5 hashes, leading to account takeovers, data breaches, and potential unauthorized access to sensitive information within the application.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Medium

Description

The code is allowing or generating JWT tokens using the ’none’ algorithm, which means the token is not cryptographically signed. This leaves the application vulnerable because anyone can create or modify tokens that will be accepted as valid.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

The code uses insecure hash functions like MD4 or MD5, which are outdated and have known vulnerabilities. These algorithms should not be used for hashing sensitive data or for security-related purposes.

Impact

Attackers can exploit weaknesses in MD4 or MD5 to create hash collisions, allowing them to tamper with data, forge signatures, or bypass authentication. This can lead to unauthorized access, data breaches, or loss of data integrity.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Low
Likelihood Level	High

Description

The code uses the MD5 algorithm to hash passwords. MD5 is outdated and weak, making hashed passwords easy for attackers to crack using modern hardware.

Impact

If exploited, attackers could quickly recover user passwords from leaked or stolen hashes, leading to account compromise, unauthorized access, and potential data breaches affecting your users and organization.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A02:2021 – Cryptographic Failures
Confidence Level	High
Impact Level	High
Likelihood Level	Low

Description

Using Flask’s secret key as the salt for HashIDs exposes the key because HashIDs are not cryptographically secure. Attackers can reverse-engineer the secret key by analyzing enough generated HashIDs.

Impact

If exploited, an attacker can recover the Flask secret key, allowing them to forge session cookies or other sensitive tokens. This could lead to full compromise of user sessions, data breaches, or unauthorized access to protected parts of the application.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

The code is using the MD5 hash algorithm, which is outdated and insecure due to known vulnerabilities. MD5 can be easily broken, making it unsafe for protecting sensitive data or verifying file integrity.

Impact

Attackers can exploit MD5’s weaknesses to create collisions, forging data or bypassing authentication checks. This can lead to unauthorized access, data tampering, or exposure of sensitive information, putting the application and its users at risk.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Medium

Description

The code is using the Blowfish cipher for encryption, which is outdated and has known weaknesses, especially with certain keys. It is recommended to use a more secure algorithm like AES instead.

Impact

If Blowfish is used, attackers may be able to exploit its weaknesses to decrypt sensitive data or compromise encrypted information. This can lead to exposure of confidential data, violating compliance requirements and potentially harming users and the organization.

Property
Language
Severity
CWE	CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

The code uses an encryption mode like CBC, CTR, CFB, or OFB without adding message authentication. This means encrypted data can be tampered with or altered by attackers without detection.

Impact

If exploited, attackers could modify or corrupt encrypted data, potentially leading to unauthorized access, data exposure, or application errors. This can compromise sensitive information and undermine the security of the entire system.