Property
Language	csharp
Severity
CWE	CWE-780: Use of RSA Algorithm without OAEP
OWASP	A02:2021 - Cryptographic Failures
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	High

Description

The code uses the outdated PKCS#1 v1.5 padding for RSA encryption, which is no longer considered secure. Modern best practices recommend using OAEP padding to protect sensitive data during encryption and key exchange.

Impact

If PKCS#1 v1.5 padding is used, attackers may be able to exploit known weaknesses to decrypt or tamper with encrypted data, potentially exposing confidential information or enabling unauthorized access to secure communications.

Property
Language
Severity
CWE	CWE-780: Use of RSA Algorithm without OAEP
OWASP	A02:2021 - Cryptographic Failures
Confidence Level	High
Impact Level	Medium
Likelihood Level	Medium

Description

The code uses RSA encryption without OAEP (Optimal Asymmetric Encryption Padding), which makes the encryption weaker and more vulnerable to attacks. Using RSA without proper padding can expose sensitive data.

Impact

If exploited, attackers could decrypt or tamper with encrypted data by exploiting weaknesses in the padding scheme. This can lead to exposure of confidential information, such as passwords or personal data, undermining the security of your application.

Property
Language
Severity
CWE	CWE-1104: Use of Unmaintained Third Party Components
OWASP	A06:2021 - Vulnerable and Outdated Components
Confidence Level	Low
Impact Level	Low
Likelihood Level	Low

Description

The AWS ECR repository is not set to automatically scan container images for vulnerabilities when they are pushed. This means potentially unsafe images could be stored and deployed without any security checks.

Impact

Without image scanning on push, vulnerable or outdated components within container images may go undetected, increasing the risk of running insecure workloads. Attackers could exploit these vulnerabilities to gain unauthorized access, compromise applications, or affect the integrity of your infrastructure.

Property
Language
Severity
CWE	CWE-1104: Use of Unmaintained Third Party Components
OWASP	A06:2021 - Vulnerable and Outdated Components
Confidence Level	Low
Impact Level	High
Likelihood Level	Low

Description

The code uses the notevil package, which is no longer maintained and contains known security vulnerabilities. Relying on outdated packages, especially those evaluating code, can introduce serious security risks.

Impact

Attackers could exploit vulnerabilities in notevil to execute malicious code, leading to data theft, unauthorized access, or complete compromise of the application and its users. Using unmaintained components increases the risk of undetected security flaws being exploited in production.

Property
Language	clojure
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	High
Impact Level	High
Likelihood Level	Medium

Description

The code is using the MD5 hashing algorithm, which is outdated and insecure. MD5 can be easily broken, making it unsuitable for protecting sensitive data like passwords.

Impact

If this vulnerability is exploited, attackers can quickly crack hashed data such as passwords or tokens, leading to unauthorized access, data breaches, and potential compromise of user accounts or sensitive information.

Property
Language
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Medium

Description

Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.

Property
Language
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Medium

Description

Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.

Property
Language
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Low

Description

The code uses the MD5 hash algorithm, which is outdated and vulnerable to collision attacks. MD5 should not be used for hashing sensitive data or as part of cryptographic operations.

Impact

Attackers can exploit MD5’s weaknesses to create different inputs that produce the same hash, potentially allowing them to bypass authentication, tamper with data, or forge digital signatures. This undermines data integrity and can expose sensitive information or compromise system security.

Property
Language	java
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	High
Impact Level	Medium
Likelihood Level	Medium

Description

The code uses the SHA-1 hashing algorithm, which is outdated and no longer considered secure because it is vulnerable to collisions. Applications should use stronger algorithms like SHA-256, SHA-512, or a dedicated password hashing function such as PBKDF2.

Impact

If SHA-1 is used for hashing sensitive data or digital signatures, attackers could exploit its weaknesses to generate collisions, potentially allowing unauthorized access, data tampering, or impersonation. This can lead to data breaches, loss of data integrity, and undermine trust in the application’s security.

Property
Language	java
Severity
CWE	CWE-328: Use of Weak Hash
OWASP	A03:2017 - Sensitive Data Exposure
Confidence Level	High
Impact Level	Medium
Likelihood Level	Medium

Description

The code uses the MD5 hashing algorithm, which is outdated and insecure for cryptographic purposes. MD5 is vulnerable to collisions, making it unsuitable for securely hashing sensitive data or generating digital signatures.

Impact

Attackers could exploit MD5’s weaknesses to generate the same hash for different inputs, allowing them to tamper with data or bypass integrity checks. This can lead to data breaches, unauthorized access, or the compromise of authentication mechanisms in your application.