Property
Language: javascript
Severity: medium
CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Medium
Likelihood Level: High

Description

The code is using the MD5 algorithm to hash passwords, which is insecure because MD5 is fast and vulnerable to modern cracking techniques. Instead, use a stronger password hashing function like bcrypt to better protect user credentials.
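
The flagged pattern next to a hardened replacement, as an added example that is not part of the original rule documentation. It uses Node's built-in scrypt rather than bcrypt so that it runs without third-party packages, and it goes one step further than the text by upgrading legacy MD5 records at login; the function names, cost parameters and stored-hash format are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Pattern the rule flags: unsalted, single-pass MD5 of a password.
function md5PasswordHash(password) {
  return crypto.createHash('md5').update(password, 'utf8').digest('hex');
}

// Assumed scrypt cost parameters for this example; tune them for your hardware.
const PARAMS = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

// Hardened form: per-password random salt plus a deliberately slow KDF.
// Stored format (constructed for this example): scrypt$N$r$p$salt$key
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, KEY_LEN, PARAMS);
  const { N, r, p } = PARAMS;
  return ['scrypt', N, r, p, salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every((n) => Number.isInteger(n) && n > 0)) return false;
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length !== KEY_LEN) return false;
  try {
    const actual = crypto.scryptSync(password, salt, KEY_LEN, { N, r, p });
    return crypto.timingSafeEqual(actual, expected);
  } catch (err) {
    return false; // malformed cost parameters in the stored record
  }
}

// Migration helper: accept a legacy MD5 record once, then hand back a
// replacement hash so the caller can overwrite the stored value.
function loginAndUpgrade(password, stored) {
  if (/^[0-9a-f]{32}$/.test(stored)) {
    const candidate = Buffer.from(md5PasswordHash(password), 'hex');
    const ok = crypto.timingSafeEqual(candidate, Buffer.from(stored, 'hex'));
    return { ok, upgraded: ok ? hashPassword(password) : null };
  }
  return { ok: verifyPassword(password, stored), upgraded: null };
}
```

The MD5 function returns the same digest for the same password every time, while `hashPassword` returns a different string on each call because of the random salt.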

Impact

If MD5 is used for password hashing, attackers can easily crack password hashes and gain unauthorized access to user accounts. This can lead to data breaches, account takeovers, and significant reputational or legal damage to the organization.