Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
MD5 is being used to hash user passwords, but MD5 is outdated and no longer secure for this purpose. Attackers can easily crack MD5 hashes using modern hardware and tools.
Impact
If exploited, attackers could quickly recover user passwords from stolen MD5 hashes, leading to account takeovers, data breaches, and potential unauthorized access to sensitive information within the application.
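One way to move off the flagged pattern, shown as an added example rather than code from the scanned application: the unsalted MD5 digest is kept only to verify old records, and each record is replaced with a salted PBKDF2-HMAC-SHA256 hash at the user's next successful login. The function names, the `pbkdf2_sha256$...` storage format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def legacy_md5_hash(password: str) -> str:
    """The flagged pattern: fast, unsalted MD5. Kept only to check old records."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow hash stored as 'pbkdf2_sha256$<iters>$<salt>$<hash>' (assumed format)."""
    salt = os.urandom(16)  # per-user random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> tuple[bool, str]:
    """Return (ok, record_to_store); a legacy MD5 record is upgraded on success."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex)), stored
    # Any other record is treated as a legacy hex MD5 digest.
    candidate = legacy_md5_hash(password).encode()
    if hmac.compare_digest(candidate, stored.lower().encode()):
        # Only at login do we hold the plaintext, so rehash now.
        return True, hash_password(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample record, not taken from any real system.
    old_record = legacy_md5_hash("correct horse")
    ok, new_record = verify_password("correct horse", old_record)
    print(ok, new_record.split("$")[0])
```

The caller is expected to write the returned record back to the user store whenever it differs from the one it read, so MD5 digests disappear as users log in.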