Use of Weak Hash
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-328: Use of Weak Hash |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses outdated or insecure cryptographic functions like md5, sha1, or crypt, which are no longer considered safe for hashing sensitive data. These functions are vulnerable to attacks that can compromise passwords or other protected information.
Impact#
If an attacker exploits this weakness, they could crack hashed passwords or tamper with supposedly secure data, leading to unauthorized access, data breaches, or manipulation of protected information. This can undermine user trust and expose the application to regulatory or reputational risks.