Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code uses the MD5 algorithm to hash passwords. MD5 is unsuitable for this purpose: it is a fast, general-purpose digest with no salt and no tunable work factor, so an attacker who obtains the stored hashes can test billions of candidate passwords per second on commodity GPU hardware, and unsalted hashes can additionally be looked up in precomputed (rainbow) tables. MD5 is also cryptographically broken (practical collision attacks have existed since 2004), which is a further reason not to rely on it anywhere. Instead, use a dedicated password hashing algorithm with a per-user random salt and a configurable cost, such as bcrypt, scrypt, Argon2id, or (where only standard-library primitives are available) PBKDF2 with a high iteration count.
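The following is an added example, not code from the original page: it shows the flagged pattern (unsalted, single-pass MD5) next to a dictionary attack that recovers a weak password from such a hash, and then the hardened pattern. The hardened version uses PBKDF2-HMAC-SHA256 from Python's standard library rather than bcrypt only so that it runs with no third-party package; bcrypt, scrypt or Argon2id are the better choices when available, and the self-describing storage record shown works for them as well. The wordlist, the iteration count, and all function names are this example's own assumptions.

```python
import hashlib
import hmac
import os

# --- Vulnerable pattern (what CWE-327 flags here): unsalted, single-pass MD5 ---
def md5_hash_password(password: str) -> str:
    """Stores only md5(password). No salt, no work factor: identical passwords
    produce identical hashes and each guess costs one cheap MD5 call."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed wordlist standing in for a real cracking dictionary (assumption
# of this example; real attacks use lists of hundreds of millions of entries).
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "Winter2024!"]


def crack_md5(stored_hex: str, wordlist=WORDLIST):
    """Offline dictionary attack against an unsalted MD5 hash.

    Returns the recovered password, or None if no candidate matched. Tools such
    as hashcat do exactly this, but at GPU speed, and an unsalted hash can be
    cracked once and reused against every account that shares the password."""
    for candidate in wordlist:
        if hashlib.md5(candidate.encode("utf-8")).hexdigest() == stored_hex:
            return candidate
    return None


# --- Hardened pattern: per-user random salt + deliberately slow KDF ---
# 600,000 iterations is OWASP's published minimum for PBKDF2-HMAC-SHA256 (2023
# Password Storage Cheat Sheet); tune upward as hardware allows.
PBKDF2_ITERATIONS = 600_000


def pbkdf2_hash_password(password: str, salt: bytes = None,
                         iterations: int = PBKDF2_ITERATIONS) -> str:
    """Returns a self-describing record 'pbkdf2_sha256$<iters>$<salt>$<digest>'.

    A fresh 16-byte random salt per password defeats rainbow tables and makes
    equal passwords hash differently; encoding the parameters in the record
    lets the cost be raised later without a schema change."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recomputes the KDF with the stored salt/iterations and compares in
    constant time so the comparison itself leaks nothing about the digest."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported password hash record")
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    leaked = md5_hash_password("hunter2")
    print("MD5 record:", leaked, "-> cracked as:", crack_md5(leaked))
    record = pbkdf2_hash_password("hunter2")
    print("PBKDF2 record:", record)
    print("verify correct:", verify_password("hunter2", record),
          "verify wrong:", verify_password("hunter3", record))
```

Note that the same wordlist attack still applies to the PBKDF2 record in principle; the defence is that each guess now costs hundreds of thousands of HMAC operations and must be repeated per user because of the salt, which turns a seconds-long crack into an impractical one for anything but the very weakest passwords.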
Impact
If this vulnerability is present and an attacker obtains the password database (for example through SQL injection, a misconfigured backup, or an insider), they can recover most user passwords offline by brute force, dictionary attack, or precomputed lookup, without ever interacting with the application. Recovered passwords lead to unauthorized account access on this system and, because users reuse passwords, on other services as well, escalating into wider data breaches and exposure of user information.