Use of Weak Hash
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-328: Use of Weak Hash |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code uses the MD5 hashing algorithm, which is outdated and vulnerable to brute-force and collision attacks. MD5 should not be used for hashing sensitive data or security-critical operations.
Impact
Attackers can exploit MD5’s weaknesses to generate matching hashes for different inputs, potentially allowing them to bypass authentication, tamper with data, or forge digital signatures. This puts sensitive information and system integrity at serious risk.
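
The flagged MD5 pattern next to replacements, as an added example that is not part of the original rule page. Python, the function names and the PBKDF2 iteration count are assumptions chosen for illustration: SHA-256 stands in for integrity digests, and salted PBKDF2-HMAC-SHA256 for password storage.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for this example; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def weak_digest(data: bytes) -> str:
    """The pattern this rule flags: MD5 used as a security digest."""
    return hashlib.md5(data).hexdigest()


def integrity_digest(data: bytes) -> str:
    """Replacement for integrity checks: a collision-resistant hash."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Replacement for password storage: a salted, deliberately slow KDF.

    A fast hash (MD5 or SHA-256 alone) lets an attacker test guesses cheaply,
    so passwords get a per-user random salt and many PBKDF2 iterations.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the derived key and compare it in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    sample = b"constructed sample payload"
    print("MD5     (flagged):", weak_digest(sample))
    print("SHA-256 (replace):", integrity_digest(sample))
    salt, key = hash_password("constructed-sample-password")
    print("password verifies:", verify_password("constructed-sample-password", salt, key))
```
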