Insecure encryption algorithm - MD5
Description
The web application uses insecure algorithms such as MD5 to hash passwords.
Impact
Crack captured credential easily.
Recommendation
Use secure hashing algorithms to store passwords like PBKDF2.
Threat
Authenticated attacker from the Internet with compromised DB hashes.
Expected Remediation Time
⏱️ 30 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
H
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P