Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses the MD2 hash algorithm, which is outdated and no longer secure due to known weaknesses. MD2 is vulnerable to collisions, making it unsafe for hashing sensitive data or verifying integrity.
Impact
Attackers could exploit MD2’s weaknesses to forge data or signatures, potentially leading to unauthorized access, data tampering, or exposure of sensitive information. This puts both application security and user data at risk.
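The following added example (not this rule's own implementation) sketches how a check for the MD2 usage described above can be run over source text. The pattern list, the `find_md2_uses` name and the sample lines are assumptions constructed for illustration, covering a few well-known API shapes that select MD2.

```python
import re

# Call shapes that select MD2 in some common crypto APIs.
# Assumed coverage for illustration; not the scanner's actual rule patterns.
MD2_PATTERNS = [
    ("java-jca", re.compile(r'MessageDigest\s*\.\s*getInstance\(\s*"MD2"', re.I)),
    ("java-jca-signature",
     re.compile(r'Signature\s*\.\s*getInstance\(\s*"MD2with\w+"', re.I)),
    ("python-hashlib", re.compile(r'hashlib\s*\.\s*new\(\s*["\']md2["\']', re.I)),
    ("pycryptodome",
     re.compile(r'\bCrypto\.Hash\s+import\s+.*\bMD2\b|\bCrypto\.Hash\.MD2\b')),
    ("openssl-c", re.compile(r'\b(EVP_md2|MD2_Init|MD2_Update|MD2_Final)\s*\(')),
]

# Whole-line comments are skipped; C preprocessor lines are still scanned.
COMMENT_LINE = re.compile(r'^(//|/\*|\*|#(?!\s*(define|include)\b))')

def find_md2_uses(source):
    """Return (line_number, api, line) for each line that selects MD2."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or COMMENT_LINE.match(stripped):
            continue
        for api, pattern in MD2_PATTERNS:
            if pattern.search(stripped):
                findings.append((lineno, api, stripped))
                break  # one finding per line is enough for triage
    return findings

# Constructed sample input mixing flagged and acceptable lines.
SAMPLE = '''\
MessageDigest md = MessageDigest.getInstance("MD2");
MessageDigest ok = MessageDigest.getInstance("SHA-256");
// MessageDigest old = MessageDigest.getInstance("MD2");
h = hashlib.new("md2", data)
h = hashlib.sha256(data)
const EVP_MD *md = EVP_md2();
Signature s = Signature.getInstance("MD2withRSA");
'''

if __name__ == "__main__":
    for lineno, api, text in find_md2_uses(SAMPLE):
        print(f"line {lineno}: [{api}] {text}")
```

Each flagged line is a candidate for replacement with a current hash such as SHA-256; the check is line-based, so calls split across lines or algorithm names passed through variables need a real parser.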