Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | High |
Description
The code uses the MD5 algorithm to hash passwords. MD5 is outdated and weak, making hashed passwords easy for attackers to crack using modern hardware.
Impact
If exploited, attackers could quickly recover user passwords from leaked or stolen hashes, leading to account compromise, unauthorized access, and potential data breaches affecting your users and organization.
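The pattern from the Description next to a hardened replacement, as an added example that is not code from the scanned project or from this rule. Python and PBKDF2-HMAC-SHA256 are assumptions (the page names neither a language nor a replacement algorithm); the function names, the storage format and the iteration count are illustrative.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def weak_md5_hash(password: str) -> str:
    """The flagged pattern: fast, unsalted MD5 (kept only for comparison)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: per-password random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Store scheme, cost and salt beside the digest so the cost can be raised later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed record, or a legacy bare MD5 hex string
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    # Unsalted MD5 is deterministic: equal passwords give equal stored values.
    print(weak_md5_hash(sample) == weak_md5_hash(sample))
    first, second = hash_password(sample), hash_password(sample)
    # Salted records differ even for the same password, yet both verify.
    print(first != second, verify_password(sample, first))
    # A legacy MD5 record is rejected by the hardened verifier.
    print(verify_password(sample, weak_md5_hash(sample)))
```
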