Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code uses the SHA1 hash algorithm, which is outdated and no longer secure for cryptographic purposes. SHA1 can be broken by attackers, making it unsafe for hashing sensitive data or creating digital signatures.
Impact#
If an attacker exploits weaknesses in SHA1, they could create forged data or signatures that appear valid, leading to data breaches, integrity failures, or unauthorized access. This puts sensitive information, user authentication, and the application’s reputation at risk.