Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses insecure hash functions like MD4 or MD5, which are outdated and have known vulnerabilities. These algorithms should not be used for hashing sensitive data or for security-related purposes.
Impact#
Attackers can exploit weaknesses in MD4 or MD5 to create hash collisions, allowing them to tamper with data, forge signatures, or bypass authentication. This can lead to unauthorized access, data breaches, or loss of data integrity.