High Severity
🟠 Use of Weak Cryptographic Algorithm
🧠 Description
The application uses deprecated or weak cryptographic algorithms (e.g., MD5, SHA-1, DES, RC4) for hashing, encryption, or signing. These algorithms can be broken or have known vulnerabilities.
Impact: Password Cracking, Data Decryption, Signature Forgery
🔍 Detection - Weak Algorithms
MD5 (hash)
SHA-1 (hash)
DES (encryption)
3DES (encryption)
RC4 (encryption)
ECB mode
🛡️ Mitigation
✅ Use SHA-256+ for hashing
✅ Use AES-128+ for encryption
✅ Use PBKDF2, bcrypt, or Argon2 for passwords
✅ Use authenticated encryption (GCM)
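The detection list above can be turned into a first-pass source scan. The following is an added example, not part of the original finding: the rule spellings (`desede`, `arcfour`, and so on), the `token` and `scan` helpers, and the sample lines are assumptions constructed for illustration, and each hit is paired with the mitigation this page recommends.

```python
import re

# Fix text is taken from the page's mitigation list.
HASH_FIX = "use SHA-256+ (PBKDF2, bcrypt or Argon2 for passwords)"
CIPHER_FIX = "use AES-128+ with authenticated encryption (GCM)"

def token(alternatives):
    # Match a name only when it is not embedded in a longer alphanumeric word,
    # so "DES" does not fire on "DESede" or "description"; "_" counts as a
    # separator so constants such as MODE_ECB are still caught.
    return re.compile(r"(?<![A-Za-z0-9])(?:%s)(?![A-Za-z0-9])" % alternatives, re.I)

# One rule per entry in the page's weak-algorithm list (spellings are assumptions).
RULES = [
    ("MD5", token(r"md5"), HASH_FIX),
    ("SHA-1", token(r"sha-?1"), HASH_FIX),
    ("DES", token(r"des"), CIPHER_FIX),
    ("3DES", token(r"3des|des3|desede|tripledes"), CIPHER_FIX),
    ("RC4", token(r"rc4|arcfour"), CIPHER_FIX),
    ("ECB mode", token(r"ecb"), CIPHER_FIX),
]

# Constructed sample input: typical call sites in Python and Java.
SAMPLE = '''\
digest = hashlib.md5(password.encode()).hexdigest()
MessageDigest md = MessageDigest.getInstance("SHA-1");
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
Cipher t = Cipher.getInstance("DESede/CBC/PKCS5Padding");
cipher = AES.new(key, AES.MODE_ECB)
stream = Cipher.getInstance("RC4");
ok = hashlib.sha256(data).hexdigest()  # description: modern hash, not flagged
good = Cipher.getInstance("AES/GCM/NoPadding");
'''

def scan(source):
    """Return (line_number, algorithm, fix) for every weak-algorithm name found."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        for name, pattern, fix in RULES:
            if pattern.search(line):
                findings.append((number, name, fix))
    return findings

if __name__ == "__main__":
    for number, name, fix in scan(SAMPLE):
        print(f"line {number}: {name} -> {fix}")
```

A name-based scan is a triage aid: it also matches algorithm names in comments and string literals, so each hit still needs a manual check of how the algorithm is used.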