Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
MD5 is being used to hash passwords, but it is a weak and outdated algorithm that attackers can easily crack. Passwords should be hashed using secure algorithms like bcrypt.
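The weak pattern described above beside a hardened form, with legacy MD5 records upgraded on the next successful login. This is an added example, not code from the original page. It uses scrypt from Python's standard library in place of the bcrypt the page names (bcrypt needs a third-party package). The function names, cost parameters and the `scrypt$salt$key` storage format are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024


def md5_hash(password: str) -> str:
    """Weak form flagged by this rule: fast, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode()).hexdigest()


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          dklen=DKLEN, maxmem=MAXMEM)


def strong_hash(password: str) -> str:
    """Hardened form: per-user random salt plus a memory-hard KDF."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify(password: str, stored: str):
    """Return (ok, value_to_store).

    Records already in the scrypt format are checked as-is. Legacy MD5
    records are checked once and, on success, replaced with a scrypt hash
    so the MD5 value can be deleted from the database.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, key_hex = stored.split("$")
        candidate = _scrypt(password, bytes.fromhex(salt_hex)).hex()
        return hmac.compare_digest(candidate, key_hex), stored
    ok = hmac.compare_digest(md5_hash(password), stored)
    return ok, (strong_hash(password) if ok else stored)


if __name__ == "__main__":
    legacy = md5_hash("correct horse")            # constructed sample record
    ok, upgraded = verify("correct horse", legacy)
    print(ok, upgraded.split("$")[0])
```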
Impact
If attackers breach your password database, they can quickly recover user passwords due to MD5’s vulnerabilities. This can lead to account takeovers, data breaches, and loss of user trust in your application.