Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code is using the MD5 hash algorithm, which is outdated and insecure due to known vulnerabilities. MD5 can be easily broken, making it unsafe for protecting sensitive data or verifying file integrity.
Impact#
Attackers can exploit MD5’s weaknesses to create collisions, forging data or bypassing authentication checks. This can lead to unauthorized access, data tampering, or exposure of sensitive information, putting the application and its users at risk.