Property
Language: python
Severity: medium
CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: High
Impact Level: Medium
Likelihood Level: Low

Description

The code uses the MD4 hash algorithm, which is outdated and insecure. MD4 is vulnerable to collisions and should not be used for hashing sensitive data or cryptographic signatures.

Impact

Attackers could exploit MD4’s weaknesses to generate forged hashes, potentially bypassing authentication, tampering with data integrity, or exposing sensitive information. This can lead to unauthorized access or data breaches if not replaced with a secure hash algorithm like SHA-2 or SHA-3.
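As an added illustration (not this rule's own implementation), the sketch below walks a Python syntax tree and reports calls that select MD4, with a SHA-256 replacement shown in the same sample. The two call shapes it checks, `hashlib.new` with an `"md4"` name and `MD4.new` from PyCryptodome's `Crypto.Hash`, are assumptions about what such a check would cover; `SAMPLE`, `find_md4_calls` and the helper name are constructed for this example.

```python
import ast

# Constructed sample source: one weak call per style, plus the SHA-256 replacement.
SAMPLE = '''
import hashlib
from Crypto.Hash import MD4

def weak_digest(data):
    return hashlib.new("md4", data).hexdigest()

def weak_digest_named(data):
    return hashlib.new(name="MD4", data=data).hexdigest()

def weak_digest_pycryptodome(data):
    return MD4.new(data).hexdigest()

def strong_digest(data):
    return hashlib.sha256(data).hexdigest()
'''

def _is_md4_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value.lower() == "md4"

def find_md4_calls(source):
    """Return sorted (line, description) pairs for each call that selects MD4."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if func.attr != "new" or not isinstance(func.value, ast.Name):
            continue
        owner = func.value.id
        if owner == "hashlib":
            # Algorithm name is the first positional argument or the `name` keyword.
            name_args = node.args[:1] + [k.value for k in node.keywords if k.arg == "name"]
            if any(_is_md4_literal(a) for a in name_args):
                findings.append((node.lineno, "hashlib.new selects MD4"))
        elif owner == "MD4":
            findings.append((node.lineno, "MD4.new from an MD4 module"))
    return sorted(findings)

if __name__ == "__main__":
    for line, msg in find_md4_calls(SAMPLE):
        print(f"line {line}: {msg}; use hashlib.sha256 or hashlib.sha3_256 instead")
```

The check only sees literal algorithm names and direct module references; a name passed through a variable or an aliased import needs data-flow analysis that this sketch does not attempt.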